I am learning RoR on CentOS 5. What would be the ideal way to set permissions in the app folder? The rails default did not work for me. I use git and apache/passenger. Everything works now that I - added apache to the group git (by modifying /etc/group) - did the following at tha app root chown -R root:git * chmod -R 775 * Howerer, this is probably too wide. It seems to me that somebody else is using the view templates besides apache, because 770 gives an error. Or else Passenger does not respect the fact that apache was added to the git group. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/s3qKPGRNXEMJ. For more options, visit https://groups.google.com/groups/opt_out.
On Fri, Mar 15, 2013 at 7:41 AM, Jussi Hirvi <jushirvi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I am learning RoR on CentOS 5. What would be the ideal way to set > permissions in the app folder? The rails default did not work for me. > > I use git and apache/passenger. Everything works now that I > - added apache to the group git (by modifying /etc/group) > - did the following at tha app root > chown -R root:git * > chmod -R 775 * > > Howerer, this is probably too wide. > > It seems to me that somebody else is using the view templates besides > apache, because 770 gives an error. Or else Passenger does not respect the > fact that apache was added to the git group.Passenger runs as the user and group Apache runs as. That said you should not need to add the executable bit to any Ruby file unless it''s a bin file, Ruby is not PHP (actually that always kinda annoyed me about PHP a bit :/..) That said, even if Apache was added to the git group that does not mean that Apache will run with the git group since Apache sets it''s user and group. Your best bet in that situation is to set the group via configurations. I don''t know how CentOS sets up Apache so you''ll have to grep that out. On the permissions part, I would probably set it up as 640. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
On Friday, March 15, 2013 3:33:39 PM UTC+2, Jordon Bedwell wrote:> > Passenger runs as the user and group Apache runs as.I once got an error message which implied that the db dir should be accessible to the user nobody:nobody - and my apache is set to run as apache:apache. I haven''t tested this, though. As a temporary solution my db directory is now world-writable.> That said you > should not need to add the executable bit to any Ruby file unless it''s > a bin file, Ruby is not PHP (actually that always kinda annoyed me > about PHP a bit :/..)I had the exec bit on only because of directory access. I was too lazy to adjust separately for files and directories.> That said, even if Apache was added to the git > group that does not mean that Apache will run with the git group since > Apache sets it''s user and group. Your best bet in that situation is to > set the group via configurations. I don''t know how CentOS sets up > Apache so you''ll have to grep that out. > > On the permissions part, I would probably set it up as 640. >Let''s see... I switched the group assignments so that now git is a member of apache group (and not vice versa). Both apache and git seem to work ok. Also I made this bash script which I run now and then. So far I am good with this. The permissions are not quite optimal, though. For example I don''t like world-writable directories. # this file should be at the project root myproj=''.'' # basic settings chgrp -R apache $myproj; chmod -R 774 $myproj; # project dir chmod o+x $myproj; # subdirs and their contents find $myproj/* -type d -exec chmod 2775 {} \;; chmod -R 777 $myproj/db $myproj/tmp; chmod 666 $myproj/log/*; - Jussi -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/8Y6E2CY5G-0J. For more options, visit https://groups.google.com/groups/opt_out.
On Friday, March 15, 2013 7:42:45 PM UTC, Jussi Hirvi wrote:> > > > On Friday, March 15, 2013 3:33:39 PM UTC+2, Jordon Bedwell wrote: >> >> Passenger runs as the user and group Apache runs as. > > > I once got an error message which implied that the db dir should be > accessible to the user nobody:nobody - and my apache is set to run as > apache:apache. I haven''t tested this, though. As a temporary solution my > db directory is now world-writable. >You can configure which user your ruby code runs at. Whatever user that is clearly needs read access to your app (and possibly write access to tmp) Fred> > >> That said you >> should not need to add the executable bit to any Ruby file unless it''s >> a bin file, Ruby is not PHP (actually that always kinda annoyed me >> about PHP a bit :/..) > > > I had the exec bit on only because of directory access. I was too lazy to > adjust separately for files and directories. > > >> That said, even if Apache was added to the git >> group that does not mean that Apache will run with the git group since >> Apache sets it''s user and group. Your best bet in that situation is to >> set the group via configurations. I don''t know how CentOS sets up >> Apache so you''ll have to grep that out. >> >> On the permissions part, I would probably set it up as 640. >> > > Let''s see... I switched the group assignments so that now git is a member > of apache group (and not vice versa). Both apache and git seem to work ok. > > Also I made this bash script which I run now and then. So far I am good > with this. The permissions are not quite optimal, though. For example I > don''t like world-writable directories. > > # this file should be at the project root > myproj=''.'' > # basic settings > chgrp -R apache $myproj; > chmod -R 774 $myproj; > # project dir > chmod o+x $myproj; > # subdirs and their contents > find $myproj/* -type d -exec chmod 2775 {} \;; > chmod -R 777 $myproj/db $myproj/tmp; > chmod 666 $myproj/log/*; > > - Jussi >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/YTiZ5GNwg3IJ. For more options, visit https://groups.google.com/groups/opt_out.
On Friday, March 15, 2013 9:59:24 PM UTC+2, Frederick Cheung wrote:> > You can configure which user your ruby code runs at. Whatever user that is > clearly needs read access to your app (and possibly write access to tmp) >I found a way to do this - using the Process::UID module. http://ruby-doc.org/core-2.0/Process/UID.html Where should i put this in my project? And would it be harmful to use the "apache" user - same as Apache/Passenger? That would simplify setting the permissions in the project directory. BTW, why cannot I post in this group with Thunderbird? Those emails just vanish and never get to the group. I can only post with browser, using groups.google.com. Is this normal? - Jussi -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/PbyxilO05fMJ. For more options, visit https://groups.google.com/groups/opt_out.
On 16 March 2013 17:53, Jussi Hirvi <jushirvi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> ... > BTW, why cannot I post in this group with Thunderbird? Those emails just > vanish and never get to the group. I can only post with browser, using > groups.google.com. Is this normal?Is the email address you use with thunderbird the one you used to register with? Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
On Saturday, March 16, 2013 11:11:21 PM UTC+2, Colin Law wrote:> > Is the email address you use with thunderbird the one you used to register > with? > > Yes.- Jussi -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/OOb8hXlCgnsJ. For more options, visit https://groups.google.com/groups/opt_out.
On Saturday, March 16, 2013 5:53:14 PM UTC, Jussi Hirvi wrote:> > On Friday, March 15, 2013 9:59:24 PM UTC+2, Frederick Cheung wrote: >> >> You can configure which user your ruby code runs at. Whatever user that >> is clearly needs read access to your app (and possibly write access to tmp) >> > > I found a way to do this - using the Process::UID module. > http://ruby-doc.org/core-2.0/Process/UID.html > > Where should i put this in my project? And would it be harmful to use the > "apache" user - same as Apache/Passenger? That would simplify setting the > permissions in the project directory. > >You should just be able to set this in the virtual host configuration. Fred> BTW, why cannot I post in this group with Thunderbird? Those emails just > vanish and never get to the group. I can only post with browser, using > groups.google.com. Is this normal? > > - Jussi >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/VOt7j6Cl3YsJ. For more options, visit https://groups.google.com/groups/opt_out.
On Sunday, March 17, 2013 8:47:23 PM UTC+2, Frederick Cheung wrote:> > You should just be able to set this in the virtual host configuration. > > Now I found a way to do this. I could addPassengerDefaultUser apache # (or whichever user you like except root) to the virtual host block of the apache conf. I just tested this, and it works. But there is a more elegant way. All the necessary information is here: http://www.modrails.com/documentation/Users%20guide%20Apache.html#user_switching In essence, you just need to change the owner of config/environment.rb. This I did not test yet, though. - Jussi -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/b4M4h1BuTuwJ. For more options, visit https://groups.google.com/groups/opt_out.