From 798022ac77b5f5efa2e6d70393a8f1a936e598f8 Mon Sep 17 00:00:00 2001 From: Charles Kerr Date: Wed, 23 Feb 2022 22:25:02 -0600 Subject: [PATCH] docs: rpc password, systemd privs (#2699) * docs: RPC passwords must not begin with '{' * docs: document NoNewPrivileges=false for scripting Fixes #1951. --- docs/Editing-Configuration-Files.md | 2 +- docs/Scripts.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/Editing-Configuration-Files.md b/docs/Editing-Configuration-Files.md index f1ce9b02b..ef1e01490 100644 --- a/docs/Editing-Configuration-Files.md +++ b/docs/Editing-Configuration-Files.md @@ -124,7 +124,7 @@ Here is a sample of the three basic types, respectively Boolean, Number and Stri * **rpc-enabled:** Boolean (default = true) * **rpc-host-whitelist:** String (Comma-delimited list of domain names. Wildcards allowed using '\*'. Example: "*.foo.org,example.com", Default: "", Always allowed: "localhost", "localhost.", all the IP addresses. Added in v2.93) * **rpc-host-whitelist-enabled:** Boolean (default = true. Added in v2.93) - * **rpc-password:** String + * **rpc-password:** String. You can enter this in as plaintext when Transmission is not running, and then Transmission will salt the value on startup and re-save the salted version as a security measure. **Note:** Transmission treats passwords starting with the character `{` as salted, so when you first create your password, the plaintext password you enter must not begin with `{`. * **rpc-port:** Number (default = 9091) * **rpc-url:** String (default = /transmission/. Added in v2.2) * **rpc-username:** String diff --git a/docs/Scripts.md b/docs/Scripts.md index 9b773483a..8932bbfc5 100644 --- a/docs/Scripts.md +++ b/docs/Scripts.md 
@@ -63,3 +63,7 @@ Scripts which have not yet been ported and may not work with the latest version: * http://pastie.org/443058: Perl - Network traffic graph, based on rrdtool (example: http://skitch.com/werehamster/bmjg8/bittorrent-traffic) * http://transmission.pastebin.com/QzVxQDtM: Bash - (cron)script to keep a maximum number of torrents running; starting and pausing torrents as necessary * https://github.com/jaboto/Transmission-script - (cron)script set network limits according to the number of clients in the network + +## Security on systemd + +`transmission-daemon`'s packaging has many permissions disabled as a standard safety measure. If your script needs more permissions than are provided by the default, users have [reported](https://github.com/transmission/transmission/issues/1951) that it can be resolved by changing to `NoNewPrivileges=false` in `/lib/systemd/system/transmission-daemon.service`.
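Review bot: In the `rpc-password` line of docs/Editing-Configuration-Files.md, the new note says what the plaintext password must not begin with but not what happens if it does. If a value starting with `{` is treated as already salted, the reader needs to know that it is never re-saved and that the password they typed will not work. One added sentence stating that consequence would turn the rule into something a user can diagnose. The same sentence also implies that the settings file holds the plaintext from the time it is edited until the next startup, so it is worth telling readers to keep that file readable only by the daemon's user and to start Transmission soon after editing. "Salt the value" would be more precise as "replace it with a salted hash", if that is what is stored. "enter this in as plaintext" reads better as "enter this as plaintext".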
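Review bot: In the new "Security on systemd" section of docs/Scripts.md, the advice is to edit `/lib/systemd/system/transmission-daemon.service` in place. That file belongs to the package and is replaced on upgrade, so the change is silently lost. Suggest pointing readers at a drop-in override instead (`systemctl edit transmission-daemon`, with `NoNewPrivileges=false` under `[Service]`), followed by a restart of the service. The paragraph also does not say what is given up: with `NoNewPrivileges=false` the daemon and anything it spawns can gain privileges again through setuid binaries or sudo, which is the restriction the packaging put in place. A sentence saying so, and recommending the setting only when a script actually needs it, would let readers make that trade knowingly. Minor wording: in "it can be resolved", "it" has no antecedent; "this can be resolved by setting `NoNewPrivileges=false`" reads more cleanly.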