[Catalyst] Cached TT w/mod_perl issue? Or just a Toby-bug?

Toby Corkindale tjc at wintrmute.net
Tue Sep 27 15:40:48 CEST 2005 

On Fri, Sep 23, 2005 at 05:07:58PM +0100, Matt S Trout wrote:
> On Fri, Sep 23, 2005 at 03:46:17PM +0100, Toby Corkindale wrote:
> > Hi, I just wondered if anyone had any thoughts on the below problem?
> > It basically just comes down to this issue:
> > 1) apache w/mod_perl starts up, running as root, and initialises some
> > parts of the Catalyst system.
> > 2) TT's cache directory is created as root, and a tree is created underneath
> > it, also owned by root.
> > 3) Apache setuid()s to the apache user
> > 4) Catalyst can no-longer write to the TT cache directory, as it has
> > insufficient permissions.
> > 
> > I can work around this by doing a chown apache of the Catalyst cache dir
> > during startup, but this seems poor form.. Plus requires to know what the
> > apache user's name is in advance, which potentially varies between
> > distributions.
> > 
> > Is there a more sensible way to do this?
> > 
> > Note that using $> doesn't work, as you have already set the TT cache dir in
> > the config during the initialisation as root (euid=0), before the setuid
> > occurs.
> 
> Delay MyApp->setup until a PerlChildInitHandler?

 - Seems a bit tricky, and potentially unportable. If you have time, how would
you suggest going about it?

> Or have the TT cache dir set to a *group* apache can write to and setgid
> so the permissions propagate so group write sorts the problem.

Ideally, we'd like our app to be able ot start up and create the dir
automatically; I had considered using the setgid trick to retain permissions,
but past experience of setgid is that it always ends up getting lost
somewhere, accidentally. (eg. Someone copies directories without realising
they need to maintain it)
Setting to a group that apache can write to relies on knowing and setting that
group somewhere in a config file, and I'd prefer to try to and avoid
system-dependant variables where possible.

I'm surprised that no-one seems to have hit this; Do few people run mod_perl
with a cache-enabled TT?

tjc

-- 
Turning and turning in the widening gyre/The falcon cannot hear the falconer;
Things fall apart, the centre cannot hold/Mere anarchy is loosed upon the world
(gpg --keyserver www.co.uk.pgp.net --recv-key B1CCF88E)

More information about the Catalyst mailing list