“4525 photos imported.” Whew. Not the biggest collection of photos, but enough to test my setup.

My requirements were:

  • Gather photos at several locations (Windoze PC’s) into one central media repository
  • Leave the photos at the original locations
  • Anticipate some maintenance of photos at the original locations
  • Use gallery (a great LAMP webapp) to manage the central media repository of photos
  • Management should include creation of a public directory for shared photos
  • Minimize duplication on the media repository

Yikes. Well, here are details on my best shot at this.

Sometimes I feel like I know what I’m doing, other times I realize what a noob I still am. Case in point: ssh tunnelling. Why haven’t I fallen in love with this before?

Tunnelling out of a heavily-firewalled network across the interwebs to a box on an internal lan through a public ssh-accessible box is absolutely trivial. OK, that sounded complicated, but it’s just what I need! An example is in order:

# Make sure this works from a machine inside the heavily-firewalled network
# Ask your IT department to open port 22 if needed, or you can go through a proxy on an open port
ssh [email protected]

# Now let's redo it, but add a tunnel from a local port to a port on a machine on the LAN side of the public box
ssh -L 8000:box_on_lan_side:80 [email protected]

# Now you can browse to the apache server on box_on_lan_side from within the firewalled network
firefox http://localhost:8000

Whee!

sudo does all this crap “to remain secure”:

Variables that control how dynamic loading and binding is done can be used to subvert the program that sudo runs.  To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on to all commands executed.  sudo will also remove the IFS, CDPATH, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too can pose a threat.

What a useless waste of time. As the man page says:

There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands via sudo.

So what’s the *(%#@&#$ use of crippling the environment? I’ve been trying to get a successful root-initiated [make install] going from a user-initiated script file, and sudo has wasted my time. [su] to the rescue. This will use your proper root environment:

su -c "make install" -

The down sides are that you’ll be prompted for your password every time you call su, and you have to use the root password. But sudo is worthless.

/rant

UPDATE: [su] is no better. I lied, you still won’t get your full environment. The only solution is to actually RUN your shell environment scripts yourself from a batch file that you execute with -c. Live and learn.

OK, the first time I tried all the various available hacks to get this to work, I somehow managed to hard-reset my Treo AND trash the PC backup (something must have run wildly through the Treo memory and really trashed the place).

The next time, I tried this and so far it’s working like a charm. Here’s a dupe of the information in case the link goes bad… (continued…)