[clo-devel] project 'trac' directory write access to the project group

Hans Hübner hans.huebner at gmail.com
Thu Sep 8 05:51:48 UTC 2011


Hi Anton,

presumably, the trac directory has a different group because trac
wants to store files in there (session information, uploads and the
like).  Maybe you can find out exactly what the web server needs to
write to (i.e. use trac, see what files and directories change) and
then chgrp those files that the web server needs no write access to.
If you could share your findings, we can make that setup be part of
the standard trac setup.

Thanks!
Hans

On Thu, Sep 8, 2011 at 2:31 AM, Anton Vodonosov <avodonosov at yandex.ru> wrote:
> Hello.
>
> As I see, all the file system content of project directories has the group owner named after the project name.
> Except for the 'trac' subdirectory, which has group owner = 'www-data'.
>
> For example:
>
> # cd /project/cl-openid
> # ls -l
>
> total 16
> drwxrwsr-x  3 mpasternacki cl-openid 4096 Jun  5 04:55 cvsroot
> lrwxrwxrwx  1 postfix      cl-openid   30 Sep 24  2008 ftp -> /var/ftp/pub/project/cl-openid
> drwxrwsr-x  4 mpasternacki cl-openid 4096 Aug 16 12:59 public_html
> drwxrwsr-x  7 mpasternacki cl-openid 4096 May  5  2008 svn
> drwxrwsr-x 10 mpasternacki www-data  4096 May 16  2008 trac
>
> In result, the project members other than the directory owner can't use trac-admin or
> edit trac.ini.
>
> Is there a way to overcome this, other than every time assigning the user owner of the
> 'trac' directory to the project member desiring to change the files?
>
> I assume we can't just change the group owner to cl-openid here, because www-data
> needs write access to 'trac' directory (when the trac python code tries to save something
> there).
>
> Best regards,
> - Anton
>
> _______________________________________________
> clo-devel mailing list
> clo-devel at common-lisp.net
> http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel
>




More information about the clo-devel mailing list