[clo-devel] project 'trac' directory write access to the project group

Hans Hübner hans at huebner.org
Thu Sep 8 09:03:05 UTC 2011 

I have made the suggested change for the cl-openid project.  Please
test whether things work.  I will make the change for all other
projects and the trac setup script once I've got your positive
feedback.

-Hans

On Thu, Sep 8, 2011 at 10:32 AM, Anton Vodonosov <avodonosov at yandex.ru> wrote:
> Yes. But there is also high probability that the web server will need
> write access to the same files which are useful for project members
> to have write access to.
>
> For example trac-admin needs write access to file system, and most likely
> the admin web interface needs write access to the same files.
>
> Another idea: why not make www-data the user owner, and the project
> group the group owner with write access?
>
> Best regards,
> - Anton
>
> 08.09.2011, 09:52, "Hans Hübner" <hans.huebner at gmail.com>:
>> Hi Anton,
>>
>> presumably, the trac directory has a different group because trac
>> wants to store files in there (session information, uploads and the
>> like).  Maybe you can find out exactly what the web server needs to
>> write to (i.e. use trac, see what files and directories change) and
>> then chgrp those files that the web server needs no write access to.
>> If you could share your findings, we can make that setup be part of
>> the standard trac setup.
>>
>> Thanks!
>> Hans
>>
>> On Thu, Sep 8, 2011 at 2:31 AM, Anton Vodonosov <avodonosov at yandex.ru> wrote:
>>
>>>  Hello.
>>>
>>>  As I see, all the file system content of project directories has the group owner named after the project name.
>>>  Except for the 'trac' subdirectory, which has group owner = 'www-data'.
>>>
>>>  For example:
>>>
>>>  # cd /project/cl-openid
>>>  # ls -l
>>>
>>>  total 16
>>>  drwxrwsr-x  3 mpasternacki cl-openid 4096 Jun  5 04:55 cvsroot
>>>  lrwxrwxrwx  1 postfix      cl-openid   30 Sep 24  2008 ftp -> /var/ftp/pub/project/cl-openid
>>>  drwxrwsr-x  4 mpasternacki cl-openid 4096 Aug 16 12:59 public_html
>>>  drwxrwsr-x  7 mpasternacki cl-openid 4096 May  5  2008 svn
>>>  drwxrwsr-x 10 mpasternacki www-data  4096 May 16  2008 trac
>>>
>>>  In result, the project members other than the directory owner can't use trac-admin or
>>>  edit trac.ini.
>>>
>>>  Is there a way to overcome this, other than every time assigning the user owner of the
>>>  'trac' directory to the project member desiring to change the files?
>>>
>>>  I assume we can't just change the group owner to cl-openid here, because www-data
>>>  needs write access to 'trac' directory (when the trac python code tries to save something
>>>  there).
>>>
>>>  Best regards,
>>>  - Anton
>>>
>>>  _______________________________________________
>>>  clo-devel mailing list
>>>  clo-devel at common-lisp.net
>>>  http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel
>>
>> _______________________________________________
>> clo-devel mailing list
>> clo-devel at common-lisp.net
>> http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel
>

More information about the clo-devel mailing list