[Catalyst] Cached TT w/mod_perl issue? Or just a Toby-bug?
tjc at wintrmute.net
Tue Sep 27 15:44:54 CEST 2005
On Fri, Sep 23, 2005 at 11:08:59AM -0500, Wade.Stuart at fallon.com wrote:
> mkdir /path/to/ttcache
> chown apacheusr:apachegrp /path/to/ttcache
> chmod 770 /path/to/ttcache
> chmod g+s /path/to/ttcache
> This will set the stick group bit on the cache dir and newly created files
> will gain the paths groupid in the cache dir.
Thanks, although I'd prefer to find another approach.
It's quite likely we'll be putting the cache on a memory-based filesystem, on
some of the systems, in which case having the Catalyst app create the
directory on start-up is handy; however it's hard to guess the appropriate
user/group values on startup -and if run as a catalyst_server.pl method
instead of via mod_perl we would hit errors attempting to set
> ----- Original Message -----
> From: catalyst-bounces
> Sent: 09/23/2005 11:07 AM
> To: The elegant MVC web framework <catalyst at lists.rawmode.org>
> Subject: Re: [Catalyst] Cached TT w/mod_perl issue? Or just a Toby-bug?
> On Fri, Sep 23, 2005 at 03:46:17PM +0100, Toby Corkindale wrote:
> > Hi, I just wondered if anyone had any thoughts on the below problem?
> > It basically just comes down to this issue:
> > 1) apache w/mod_perl starts up, running as root, and initialises some parts of
> > the Catalyst system.
> > 2) TT's cache directory is created as root, and a tree is created underneath
> > it, also owned by root.
> > 3) Apache setuid()s to the apache user
> > 4) Catalyst can no-longer write to the TT cache directory, as it has
> > insufficient permissions.
> > I can work around this by doing a chown apache of the Catalyst cache dir
> > during startup, but this seems poor form.. Plus requires to know what the
> > apache user's name is in advance, which potentially varies between
> > distributions.
> > Is there a more sensible way to do this?
> > Note that using $> doesn't work, as you have already set the TT cache dir in
> > the config during the initialisation as root (euid=0), before the setuid
> > occurs.
> Delay MyApp->setup until a PerlChildInitHandler?
> Or have the TT cache dir set to a *group* apache can write to and setgid
> so the permissions propagate so group write sorts the problem.
More information about the Catalyst