Reply To: How to make the web-based Configuration page *configurable*?

#8146
rpedde
Participant

@davy_gravy wrote:

and now it works great… Anyone out there know a better setting/more secure way than using 777?

Probably the “right” way to do it would be to make an mt-daapd user, and chown the file to that user, and set permissions to 600. Then use stunnel to set up an SSL wrapper around the web admin.

Slightly less secure would be to keep running it as “guest” or “nobody” or whoever it’s running as now (so long as it’s not running as a privileged user or root), and set the config file to 600, running with stunnel. (If someone compromised another application running as nobody, they could read the config file, get the password, and change your server config.)

Next would be not bothering to run it under a stunnel under the theory that either nobody is sniffing your traffic, or you don’t care if some crazy rogue changes your music server settings.

So there you go. I basically use the last setting. Chown the config file to nobody and chmod it to 600.

World readable is a little crazy, imho, but if it’s not a multi-user system, it probably doesn’t much matter.
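
The 777-versus-600 difference discussed in this thread, as a check script. This is an added example, not part of the post above or of the mt-daapd project; the config path, the script name and the choice to pass the expected owner as a numeric UID are assumptions.

```shell
#!/bin/sh
# Added example: audit an mt-daapd config file against the advice above
# (owned by the account the daemon runs as, no access for anyone else).

# Print "<octal mode> <numeric owner uid>" (GNU stat first, then BSD stat).
file_mode_owner() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

# check_conf FILE EXPECTED_UID
# Returns 0 if FILE is owned by EXPECTED_UID, the owner has read/write and
# group/other have no access (e.g. mode 600); returns 1 with one line per
# finding otherwise, and 2 if FILE does not exist.
check_conf() {
    conf=$1; want_uid=$2; rc=0
    [ -f "$conf" ] || { echo "missing: $conf"; return 2; }
    set -- $(file_mode_owner "$conf")
    mode=$1; uid=$2
    perm=$((0$mode))            # parse the mode string as octal

    if [ "$uid" != "$want_uid" ]; then
        echo "owner uid is $uid, expected $want_uid"; rc=1
    fi
    if [ $((perm & 0600)) -ne $((0600)) ]; then
        echo "mode $mode: owner lacks read/write, the daemon cannot save changes"; rc=1
    fi
    if [ $((perm & 0002)) -ne 0 ]; then
        echo "mode $mode: world-writable, any local user can change the config"; rc=1
    fi
    if [ $((perm & 0004)) -ne 0 ]; then
        echo "mode $mode: world-readable, any local user can read the admin password"; rc=1
    fi
    if [ $((perm & 0077)) -ne 0 ]; then
        echo "mode $mode: grants access beyond the owner, use 600"; rc=1
    fi
    return $rc
}

# Usage (path and account are assumptions):
#   sh check_conf.sh /etc/mt-daapd.conf "$(id -u nobody)"
if [ "$#" -eq 2 ]; then
    check_conf "$1" "$2"
fi
```
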