hi, i''m running a mongrel cluster plus apache and i''ve a user project:project which access the files. actually i run mongrel as root because otherwise it doesn''t work, i don''t know why, maybe because it can''t access the /usr directory... but with this when something is added ferret create its indexes as root:root, how can i change and set it to create them as project:project? is it possible? i''ve set also the index directory with chmod -R u+s index && chmod -R g+s index, but they are still created as root... :( thanks -- Posted via http://www.ruby-forum.com/.
On Sat, Sep 08, 2007 at 09:24:18PM +0200, Mix Mix wrote:> hi, i''m running a mongrel cluster plus apache and i''ve a user > project:project which access the files. actually i run mongrel as root > because otherwise it doesn''t work, i don''t know why, maybe because it > can''t access the /usr directory... but with this when something is added > ferret create its indexes as root:root, how can i change and set it to > create them as project:project? is it possible? i''ve set also the index > directory with chmod -R u+s index && chmod -R g+s index, but they are > still created as root... :(You really should fix your mongrel setup, so it runs as a non-privileged user. Running web servers (or any servers reachable from the outside) as root is a major security issue. To do so, check if the places mongrel needs to write to (dir where PID files go, dir where log files go), are writable by that user, i.e. do ''su - project'' and then try to create a file there. If that doesn''t work, either change these locations to somewhere else, i.e. somewhere in the home directory of your project user, or make them writable by the project user. cheers, Jens -- Jens Kr?mer http://www.jkraemer.net/ - Blog http://www.omdb.org/ - The new free film database
Benjamin Krause
2007-Sep-09 20:23 UTC
[Ferret-talk] create index as other user/group, how?
Hey ..> You really should fix your mongrel setup, so it runs as a non-privileged > user. Running web servers (or any servers reachable from the outside) as > root is a major security issue. >i totally agree .. take a look at mongrel_cluster to start/stop mongrel.. you can set a user and group like that: user: rails cwd: /var/www/localhost/rails/current port: "8010" environment: production group: apache address: 127.0.0.1 pid_file: log/mongrel.pid servers: 6 Ben
Benjamin Krause wrote:> Hey .. >> You really should fix your mongrel setup, so it runs as a non-privileged >> user. Running web servers (or any servers reachable from the outside) as >> root is a major security issue. >> > i totally agree .. take a look at mongrel_cluster to start/stop > mongrel.. you can set > a user and group like that:Ok, fixed :) Time ago i tried to set another user and group, but the site didn''t work anymore, now i''ve tried and discovered the problem, there were some session files created by root which the server couldn''t access, changed the owner and now works... thanks :) -- Posted via http://www.ruby-forum.com/.