[clo-devel] project 'trac' directory write access to the project group

Anton Vodonosov avodonosov at yandex.ru
Thu Sep 8 09:43:12 UTC 2011


Thing work. 

What I tested:

Added myself as admin from command line, using trac-admin.

Closed one ticket via web UI.

Closed some milestones, enabled openid authentication plubin from web-ui.

Trac web UI also suggested me to do in command line:
   
    trac-admin /custom/sys/trac/trac/projects/cl-openid upgrade

which was also successful.

Best regards,
- Anton

08.09.2011, 13:03, "Hans Hübner" <hans at huebner.org>:
> I have made the suggested change for the cl-openid project.  Please
> test whether things work.  I will make the change for all other
> projects and the trac setup script once I've got your positive
> feedback.
>
> -Hans
>
> On Thu, Sep 8, 2011 at 10:32 AM, Anton Vodonosov <avodonosov at yandex.ru> wrote:
>
>>  Yes. But there is also high probability that the web server will need
>>  write access to the same files which are useful for project members
>>  to have write access to.
>>
>>  For example trac-admin needs write access to file system, and most likely
>>  the admin web interface needs write access to the same files.
>>
>>  Another idea: why not make www-data the user owner, and the project
>>  group the group owner with write access?
>>
>>  Best regards,
>>  - Anton
>>
>>  08.09.2011, 09:52, "Hans Hübner" <hans.huebner at gmail.com>:
>>>  Hi Anton,
>>>
>>>  presumably, the trac directory has a different group because trac
>>>  wants to store files in there (session information, uploads and the
>>>  like).  Maybe you can find out exactly what the web server needs to
>>>  write to (i.e. use trac, see what files and directories change) and
>>>  then chgrp those files that the web server needs no write access to.
>>>  If you could share your findings, we can make that setup be part of
>>>  the standard trac setup.
>>>
>>>  Thanks!
>>>  Hans
>>>
>>>  On Thu, Sep 8, 2011 at 2:31 AM, Anton Vodonosov <avodonosov at yandex.ru> wrote:
>>>>   Hello.
>>>>
>>>>   As I see, all the file system content of project directories has the group owner named after the project name.
>>>>   Except for the 'trac' subdirectory, which has group owner = 'www-data'.
>>>>
>>>>   For example:
>>>>
>>>>   # cd /project/cl-openid
>>>>   # ls -l
>>>>
>>>>   total 16
>>>>   drwxrwsr-x  3 mpasternacki cl-openid 4096 Jun  5 04:55 cvsroot
>>>>   lrwxrwxrwx  1 postfix      cl-openid   30 Sep 24  2008 ftp -> /var/ftp/pub/project/cl-openid
>>>>   drwxrwsr-x  4 mpasternacki cl-openid 4096 Aug 16 12:59 public_html
>>>>   drwxrwsr-x  7 mpasternacki cl-openid 4096 May  5  2008 svn
>>>>   drwxrwsr-x 10 mpasternacki www-data  4096 May 16  2008 trac
>>>>
>>>>   In result, the project members other than the directory owner can't use trac-admin or
>>>>   edit trac.ini.
>>>>
>>>>   Is there a way to overcome this, other than every time assigning the user owner of the
>>>>   'trac' directory to the project member desiring to change the files?
>>>>
>>>>   I assume we can't just change the group owner to cl-openid here, because www-data
>>>>   needs write access to 'trac' directory (when the trac python code tries to save something
>>>>   there).
>>>>
>>>>   Best regards,
>>>>   - Anton
>>>>
>>>>   _______________________________________________
>>>>   clo-devel mailing list
>>>>   clo-devel at common-lisp.net
>>>>   http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel
>>>  _______________________________________________
>>>  clo-devel mailing list
>>>  clo-devel at common-lisp.net
>>>  http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel




More information about the clo-devel mailing list