[Catalyst] Cached TT w/mod_perl issue? Or just a Toby-bug?

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Tue Sep 27 20:18:10 CEST 2005





Welp,

      You kinda sound like you want to have your cake and to eat it too --
all while having someone else pay for dinner.  There is no magic bullet
that makes all the problems go away here.


*  You can make Apache start as the apache user and not change ID.

*  You can leave root -> userid apache and change your umask and make the
dirs and files writable by all.

*  You can create the directories beforehand and set permission to work
like you need them to.

*  You can hold off on the TT create until apache has changed ID.

All of these solutions require thought, have weaknesses, are inflexible in
some way or another -- you are in this position by previous choices you
have made (starting apache as root and changing ID). Sometimes it does
seem silly to ask for directions after you decide to drive halfway across
the country; you may not like that the answers all involve driving
backwards 15 hours.

Wade Stuart




From: Toby Corkindale <tjc at wintrmute.net>
Sent by: catalyst-bounces@lists.rawmode.org
Date: 09/27/05 08:40 AM
To: The elegant MVC web framework <catalyst at lists.rawmode.org>
Subject: Re: [Catalyst] Cached TT w/mod_perl issue? Or just a Toby-bug?
Please respond to: The elegant MVC web framework <catalyst at lists.rawmode.org>




On Fri, Sep 23, 2005 at 05:07:58PM +0100, Matt S Trout wrote:
> On Fri, Sep 23, 2005 at 03:46:17PM +0100, Toby Corkindale wrote:
> > Hi, I just wondered if anyone had any thoughts on the below problem?
> > It basically just comes down to this issue:
> > 1) apache w/mod_perl starts up, running as root, and initialises some
> > parts of the Catalyst system.
> > 2) TT's cache directory is created as root, and a tree is created
> > underneath it, also owned by root.
> > 3) Apache setuid()s to the apache user
> > 4) Catalyst can no longer write to the TT cache directory, as it has
> > insufficient permissions.
> >
> > I can work around this by doing a chown apache of the Catalyst cache dir
> > during startup, but this seems poor form.. Plus requires to know what the
> > apache user's name is in advance, which potentially varies between
> > distributions.
> >
> > Is there a more sensible way to do this?
> >
> > Note that using $> doesn't work, as you have already set the TT cache dir
> > in the config during the initialisation as root (euid=0), before the
> > setuid occurs.
>
> Delay MyApp->setup until a PerlChildInitHandler?

 - Seems a bit tricky, and potentially unportable. If you have time, how
would you suggest going about it?

> Or have the TT cache dir set to a *group* apache can write to and setgid
> so the permissions propagate so group write sorts the problem.

Ideally, we'd like our app to be able to start up and create the dir
automatically; I had considered using the setgid trick to retain
permissions, but past experience of setgid is that it always ends up
getting lost somewhere, accidentally. (e.g. someone copies directories
without realising they need to maintain it)
Setting to a group that apache can write to relies on knowing and setting
that group somewhere in a config file, and I'd prefer to try to avoid
system-dependent variables where possible.

I'm surprised that no-one seems to have hit this; do few people run
mod_perl with a cache-enabled TT?

tjc

--
Turning and turning in the widening gyre/The falcon cannot hear the falconer;
Things fall apart, the centre cannot hold/Mere anarchy is loosed upon the world
(gpg --keyserver www.co.uk.pgp.net --recv-key B1CCF88E)

_______________________________________________
Catalyst mailing list
Catalyst at lists.rawmode.org
http://lists.rawmode.org/mailman/listinfo/catalyst
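
The "create the directories beforehand" option from the list above, sketched as a pre-start step plus an audit that flags both the root-owned tree from the original report and the world-writable workaround. This is an added example, not code from the thread; the function names, the 0750 mode and passing the runtime uid/gid in as arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The caller (e.g. an init script) supplies
# the cache path and the numeric uid/gid Apache switches to; both are assumptions.

# Create the TT cache directory before Apache starts, so nothing under it is
# first created by root during startup.
prepare_tt_cache() {
    dir=$1 uid=$2 gid=$3
    ( umask 027 && mkdir -p "$dir" ) || return 1
    chmod 0750 "$dir" || return 1
    # Only root can hand the tree to another account.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$uid:$gid" "$dir" || return 1
    fi
}

# Audit the tree: one finding per line, exit status 0 only when it is clean.
audit_tt_cache() {
    dir=$1 uid=$2 rc=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "not-a-directory: $dir"
        return 2
    fi
    # Entries owned by someone else (root, in the thread) are unwritable after setuid().
    found=$(find "$dir" ! -user "$uid" -print)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/wrong-owner: /'
        rc=1
    fi
    # World-writable entries let any local account replace cached compiled templates.
    found=$(find "$dir" ! -type l -perm -0002 -print)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/world-writable: /'
        rc=1
    fi
    return $rc
}
```

Run `prepare_tt_cache` as root before Apache starts and use the exit status of `audit_tt_cache` as a gate in the same script.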




