Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#750031: motion: Motion group is not documented
3 views
Skip to first unread message
ael
May 31, 2014, 5:10:02 PM5/31/14
to
Package: motion
Version: 3.2.12+git20140228-4+b1
Severity: minor
An ordinary user must be a member of the group motion in order to
read /etc/motion/motion.conf. This is not documented in the Debian
packages (unless I missed it, and I looked hard). Perhaps in the
man page or a /usr/share/doc/motion/README.Debian?
In passing, the /etc/motion/motion.conf has several peculiar settings,
especially
target_dir /var/lib/motion
which is not accessible to an ordinary user and a very odd choice.
I suggest it be commented out in the Debian version, so that the current
WD default is used.
These are minor, but very confsuing for a newbie.
----------------------------------------------------------------------
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.14-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages motion depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.53
ii libavcodec-extra-55 6:10.1-1
ii libavformat55 6:10.1-1
ii libavutil53 6:10.1-1
ii libc6 2.18-7
ii libjpeg8 8d-2
ii libmysqlclient18 5.5.37-1
ii libpq5 9.3.4-1
ii libsqlite3-0 3.8.4.3-3
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages motion recommends:
pn ffmpeg <none>
Versions of packages motion suggests:
pn mysql-client <none>
pn postgresql-client <none>
-- Configuration Files:
/etc/motion/motion.conf changed:
daemon on
process_id_file /var/run/motion/motion.pid
setup_mode off
;logfile /tmp/motion.log
log_level 6
log_type all
videodevice /dev/video1
v4l2_palette 8
; tunerdevice /dev/tuner0
input -1
norm 0
frequency 0
rotate 0
width 720
height 480
framerate 2
minimum_frame_time 0
; netcam_url value
; netcam_userpass value
netcam_keepalive off
; netcam_proxy value
netcam_tolerant_check off
auto_brightness off
brightness 0
contrast 0
saturation 0
hue 0
roundrobin_frames 1
roundrobin_skip 1
switchfilter off
threshold 500
threshold_tune off
noise_level 32
noise_tune on
despeckle_filter EedDl
; area_detect value
; mask_file value
smart_mask_speed 0
lightswitch 0
minimum_motion_frames 1
pre_capture 0
post_capture 0
event_gap 60
max_movie_time 0
emulate_motion off
output_pictures on
output_debug_pictures off
quality 75
picture_type jpeg
ffmpeg_output_movies on
ffmpeg_output_debug_movies off
ffmpeg_timelapse 0
ffmpeg_timelapse_mode daily
ffmpeg_bps 500000
ffmpeg_variable_bitrate 0
ffmpeg_video_codec mpeg4
ffmpeg_deinterlace off
sdl_threadnr 0
use_extpipe off
;extpipe mencoder -demuxer rawvideo -rawvideo w=320:h=240:i420 -ovc x264 -x264encopts bframes=4:frameref=1:subq=1:scenecut=-1:nob_adapt:threads=1:keyint=1000:8x8dct:vbv_bufsize=4000:crf=24:partitions=i8x8,i4x4:vbv_maxrate=800:no-chroma-me -vf denoise3d=16:12:48:4,pp=lb -of avi -o %f.avi - -fps %fps
snapshot_interval 0
locate_motion_mode off
locate_motion_style box
text_right %Y-%m-%d\n%T-%q
; text_left CAMERA %t
text_changes off
text_event %Y%m%d%H%M%S
text_double off
;exif_text %i%J/%K%L
snapshot_filename %v-%Y%m%d%H%M%S-snapshot
picture_filename %v-%Y%m%d%H%M%S-%q
movie_filename %v-%Y%m%d%H%M%S
timelapse_filename %Y%m%d-timelapse
ipv6_enabled off
stream_port 8081
stream_quality 50
stream_motion off
stream_maxrate 1
stream_localhost on
stream_limit 0
stream_auth_method 0
; stream_authentication username:password
webcontrol_port 8080
webcontrol_localhost on
webcontrol_html_output on
; webcontrol_authentication username:password
track_type 0
track_auto off
;track_port /dev/ttyS0
;track_motorx 0
;track_motorx_reverse 0
;track_motory 1
;track_motory_reverse 0
;track_maxx 200
;track_minx 50
;track_maxy 200
;track_miny 50
;track_homex 128
;track_homey 128
track_iomojo_id 0
track_step_angle_x 10
track_step_angle_y 10
track_move_wait 10
track_speed 255
track_stepsize 40
quiet on
; on_event_start value
; on_event_end value
; on_picture_save value
; on_motion_detected value
; on_area_detected value
; on_movie_start value
; on_movie_end value
; on_camera_lost value
; sql_log_picture on
; sql_log_snapshot on
; sql_log_movie off
; sql_log_timelapse off
; sql_query insert into security(camera, filename, frame, file_type, time_stamp, event_time_stamp) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
; database_type value
; database_dbname value
; database_host value
; database_user value
; database_password value
; database_port value
; sqlite3_db value
; video_pipe value
; motion_video_pipe value
; thread /etc/motion/thread1.conf
; thread /etc/motion/thread2.conf
; thread /etc/motion/thread3.conf
; thread /etc/motion/thread4.conf
-- debconf information:
motion/moved_conf_dir:
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Version: 3.2.12+git20140228-4+b1
Severity: minor
An ordinary user must be a member of the group motion in order to
read /etc/motion/motion.conf. This is not documented in the Debian
packages (unless I missed it, and I looked hard). Perhaps in the
man page or a /usr/share/doc/motion/README.Debian?
In passing, the /etc/motion/motion.conf has several peculiar settings,
especially
target_dir /var/lib/motion
which is not accessible to an ordinary user and a very odd choice.
I suggest it be commented out in the Debian version, so that the current
WD default is used.
These are minor, but very confsuing for a newbie.
----------------------------------------------------------------------
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.14-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages motion depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.53
ii libavcodec-extra-55 6:10.1-1
ii libavformat55 6:10.1-1
ii libavutil53 6:10.1-1
ii libc6 2.18-7
ii libjpeg8 8d-2
ii libmysqlclient18 5.5.37-1
ii libpq5 9.3.4-1
ii libsqlite3-0 3.8.4.3-3
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages motion recommends:
pn ffmpeg <none>
Versions of packages motion suggests:
pn mysql-client <none>
pn postgresql-client <none>
-- Configuration Files:
/etc/motion/motion.conf changed:
daemon on
process_id_file /var/run/motion/motion.pid
setup_mode off
;logfile /tmp/motion.log
log_level 6
log_type all
videodevice /dev/video1
v4l2_palette 8
; tunerdevice /dev/tuner0
input -1
norm 0
frequency 0
rotate 0
width 720
height 480
framerate 2
minimum_frame_time 0
; netcam_url value
; netcam_userpass value
netcam_keepalive off
; netcam_proxy value
netcam_tolerant_check off
auto_brightness off
brightness 0
contrast 0
saturation 0
hue 0
roundrobin_frames 1
roundrobin_skip 1
switchfilter off
threshold 500
threshold_tune off
noise_level 32
noise_tune on
despeckle_filter EedDl
; area_detect value
; mask_file value
smart_mask_speed 0
lightswitch 0
minimum_motion_frames 1
pre_capture 0
post_capture 0
event_gap 60
max_movie_time 0
emulate_motion off
output_pictures on
output_debug_pictures off
quality 75
picture_type jpeg
ffmpeg_output_movies on
ffmpeg_output_debug_movies off
ffmpeg_timelapse 0
ffmpeg_timelapse_mode daily
ffmpeg_bps 500000
ffmpeg_variable_bitrate 0
ffmpeg_video_codec mpeg4
ffmpeg_deinterlace off
sdl_threadnr 0
use_extpipe off
;extpipe mencoder -demuxer rawvideo -rawvideo w=320:h=240:i420 -ovc x264 -x264encopts bframes=4:frameref=1:subq=1:scenecut=-1:nob_adapt:threads=1:keyint=1000:8x8dct:vbv_bufsize=4000:crf=24:partitions=i8x8,i4x4:vbv_maxrate=800:no-chroma-me -vf denoise3d=16:12:48:4,pp=lb -of avi -o %f.avi - -fps %fps
snapshot_interval 0
locate_motion_mode off
locate_motion_style box
text_right %Y-%m-%d\n%T-%q
; text_left CAMERA %t
text_changes off
text_event %Y%m%d%H%M%S
text_double off
;exif_text %i%J/%K%L
snapshot_filename %v-%Y%m%d%H%M%S-snapshot
picture_filename %v-%Y%m%d%H%M%S-%q
movie_filename %v-%Y%m%d%H%M%S
timelapse_filename %Y%m%d-timelapse
ipv6_enabled off
stream_port 8081
stream_quality 50
stream_motion off
stream_maxrate 1
stream_localhost on
stream_limit 0
stream_auth_method 0
; stream_authentication username:password
webcontrol_port 8080
webcontrol_localhost on
webcontrol_html_output on
; webcontrol_authentication username:password
track_type 0
track_auto off
;track_port /dev/ttyS0
;track_motorx 0
;track_motorx_reverse 0
;track_motory 1
;track_motory_reverse 0
;track_maxx 200
;track_minx 50
;track_maxy 200
;track_miny 50
;track_homex 128
;track_homey 128
track_iomojo_id 0
track_step_angle_x 10
track_step_angle_y 10
track_move_wait 10
track_speed 255
track_stepsize 40
quiet on
; on_event_start value
; on_event_end value
; on_picture_save value
; on_motion_detected value
; on_area_detected value
; on_movie_start value
; on_movie_end value
; on_camera_lost value
; sql_log_picture on
; sql_log_snapshot on
; sql_log_movie off
; sql_log_timelapse off
; sql_query insert into security(camera, filename, frame, file_type, time_stamp, event_time_stamp) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
; database_type value
; database_dbname value
; database_host value
; database_user value
; database_password value
; database_port value
; sqlite3_db value
; video_pipe value
; motion_video_pipe value
; thread /etc/motion/thread1.conf
; thread /etc/motion/thread2.conf
; thread /etc/motion/thread3.conf
; thread /etc/motion/thread4.conf
-- debconf information:
motion/moved_conf_dir:
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Ximin Luo
Jul 12, 2015, 8:20:03 PM7/12/15
to
Hi, thanks for the report.
On 31/05/14 22:34, ael wrote:
> An ordinary user must be a member of the group motion in order to
> read /etc/motion/motion.conf. This is not documented in the Debian
> packages (unless I missed it, and I looked hard). Perhaps in the
> man page or a /usr/share/doc/motion/README.Debian?
>
I think I will just change it to 644 root:root instead. I see no reason for the program to be able to write its own configuration file, nor to block other users from reading that file.
Even /etc/ssh/sshd_config and /etc/tor/torrc are 644 root:root, so I think this is fine from a security point of view.
> In passing, the /etc/motion/motion.conf has several peculiar settings,
> especially
> target_dir /var/lib/motion
> which is not accessible to an ordinary user and a very odd choice.
> I suggest it be commented out in the Debian version, so that the current
> WD default is used.
>
/var/lib/${package} is the standard place to store this sort of data, see the Filesystem Hierarchy Standard (`man hier`).
The current WD is not suitable; this config file represents a *system service* that should have a fixed runtime directory.
The upstream default /tmp/motion is not suitable since /tmp is supposed to be deletable without notice - again part of the FHS.
For your purposes, I suppose you should make your own config file that omits target_dir, that uses the WD.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
On 31/05/14 22:34, ael wrote:
> An ordinary user must be a member of the group motion in order to
> read /etc/motion/motion.conf. This is not documented in the Debian
> packages (unless I missed it, and I looked hard). Perhaps in the
> man page or a /usr/share/doc/motion/README.Debian?
>
Even /etc/ssh/sshd_config and /etc/tor/torrc are 644 root:root, so I think this is fine from a security point of view.
> In passing, the /etc/motion/motion.conf has several peculiar settings,
> especially
> target_dir /var/lib/motion
> which is not accessible to an ordinary user and a very odd choice.
> I suggest it be commented out in the Debian version, so that the current
> WD default is used.
>
The current WD is not suitable; this config file represents a *system service* that should have a fixed runtime directory.
The upstream default /tmp/motion is not suitable since /tmp is supposed to be deletable without notice - again part of the FHS.
For your purposes, I suppose you should make your own config file that omits target_dir, that uses the WD.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
0 new messages