I cannot for the life of me figure out why I am getting a Python version mismatch error on my scripts within my BBS, as well as not being able to run imported modules. I have Python 2.7 and 3.5 both installed. The imported modules work just fine on the Raspberry Pi from the respective Python shells, i.e. no errors. Yet when I add them into my scripts I get the error...
When you say "run Mystic" do you mean the command within the terminal
that launches my server?
Because, if I run:-
"./ mystic -server"
Instead of...
"sudo ./ mystic -server"
I get these errors..
TELNET unable to open IPV4 Port Error -1 (13)
TELNET unable to open IPV6 Port Error -1 (13)
So Linux won't let non-sudo users bind to ports under 1024. That's why you see a lot of BBSes w/ ports like :1337, or whatever... however you can get around that. Here's a writeup, and there are many others out there...
What's the issue running it under sudo? You can add an entry to your sudo file to only allow the bbs user the permission to open mystic as sudo, deny everything else. You can set it up so you don't even need to enter a password and then tie this to a systemd script.
So here are the errors I am getting from importing two separate modules. Note: If I run sudo ./mis -server I get the same mismatch error but just one importer error saying "import error: no module named tweepy".--
What's the issue running it under sudo? You can add an entry to your sudo file to only allow the bbs user the permission to open mystic as sudo, deny everything else. You can set it up so you don't even need to enter a password and then tie this to a systemd script.
Running under sudo has some complications. For example, if you try to
run any external program that looks to $HOME, it will look to /root/.
The drop suid thing isn't perfect. I highly recommend /not/ using sudo
for this reason, it creates odd little permissions related problems here and there.
What's the issue running it under sudo? You can add an entry to your sudo file to only allow the bbs user the permission to open mystic as sudo, deny everything else. You can set it up so you don't even need to enter a password and then tie this to a systemd script.
Nothing wrong w/ running as sudo, except I'd be willing to bet that 75% of the users who do so DON'T do the few things you listed above to mitigate any issues. In fact, I bet most are running on their one user account on the machine... :P
But yes, the above way would be pretty solid too.
This is why I don't run as sudo. I ran my BBS for some time and then tried to switch TO running sudo - and it broke most of my mods and Python stuff... sure, it can be done - but should be planned and implemented from day 1. Others, like niter3, seem to have it ironed out and working just fine, but for me I chose to use a bbs user w/o sudo acs.
What's the issue running it under sudo
So here are the errors I am getting from importing two separate modules. Note: If I run sudo ./mis -server I get the same mismatch error but just one importer error saying "import error: no module named tweepy".--
I think if I were to run into this, I would just have an env variable set to correct these issues.
pip2 list
"ERROR command not found"
If your BBS gets compromised, then that person has root access to your system and whatever else that might mean for your environment. It is generally bad practice to run any services as root, especially untrusted ones like Mystic - I would not say Mystic is "trusted" by any means. It does not seem to support modern crypto ciphers: try ssh'ing to any Mystic BBS with a "normal" client, like `ssh` from a Linux command line, and by default you will get an error about weak ciphers, to which you need to either update your ssh_config or explicitly use the weak cipher in your command string - TLS with SMTP also seems to have similar cipher issues. Mystic, to my knowledge anyway, is not pen tested, it is not open source to allow for peer reviewing, it does not get frequent updates, etc. That is not a dig at the g00r00 or anyone who contributes to it, and advanced security shouldn't be the job of Mystic anyway. On top of that and other things, most of us are all using TELNET which is the most *unsecure* thing you can do on the Internet. No, you should not be running Mystic or most other things with root privileges.
There *are* generally safe ways to run untrusted software like Mystic and there are ways to use ports 22 and 23 *without* giving Mystic root access (simple firewall rules to forward each of them to ports above 1024 are easy enough to write and search for).
We live in a "zero trust" world today.
How do you set env variables - please see my original post as I think what I am asking to do will solve my issue. Thanks!
To each his own :) Giving mis access to <1024 port numbers is fairly simple and mitigates all potential SUID issues, so that's how I do it. *shrug*
You could also not do any of that and NAT port translate it from 23 to 1024 or whichever port. Less work if you have a firewall which can do this.
A thousand thank yous to everyone who pitched in to help. YAY!!!
To each his own :) Giving mis access to <1024 port numbers is fairly simple and mitigates all potential SUID issues, so that's how I do it
You could also not do any of that and NAT port translate it from 23 to 102 whichever port. Less work if you have a firewall which can do this.
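The setup several replies describe (a dedicated bbs user, no root, permission to bind ports below 1024, started from systemd) can be written as a single unit file. This is an added example, not part of the thread and not from the Mystic project; the unit name, the /home/bbs/mystic install path and the bbs account are assumptions, and `mis -server` is taken from the commands quoted above.

```ini
# /etc/systemd/system/mystic.service   (assumed unit name)
# Constructed example: the install path and the "bbs" account are placeholders.

[Unit]
Description=Mystic BBS server (mis) as an unprivileged user
After=network-online.target
Wants=network-online.target

[Service]
# Weak variant discussed in the thread: the whole server runs as root,
# so a compromise of any listener is a compromise of the host, and
# child programs that read $HOME end up looking in /root/.
#   User=root
#   ExecStart=/home/bbs/mystic/mis -server

# Corrected variant: run as the dedicated account. With User= set,
# systemd also sets $HOME, $USER and $LOGNAME to that account's values.
User=bbs
Group=bbs
WorkingDirectory=/home/bbs/mystic
ExecStart=/home/bbs/mystic/mis -server
Restart=on-failure

# Grant only the right to bind ports below 1024 (telnet 23, ssh 22).
# This is what removes the "Error -1 (13)" (EACCES) bind failure
# without sudo or a setuid binary.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# The process and its children can never gain further privileges.
NoNewPrivileges=true

# Reduce what a compromised listener can modify.
ProtectSystem=full
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload`, `systemctl show mystic.service -p User -p AmbientCapabilities` confirms the account and the single capability the service runs with.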