[clo-devel] project 'trac' directory write access to the project group
Anton Vodonosov
avodonosov at yandex.ru
Thu Sep 8 09:43:12 UTC 2011
Thing work.
What I tested:
Added myself as admin from command line, using trac-admin.
Closed one ticket via web UI.
Closed some milestones, enabled openid authentication plubin from web-ui.
Trac web UI also suggested me to do in command line:
trac-admin /custom/sys/trac/trac/projects/cl-openid upgrade
which was also successful.
Best regards,
- Anton
08.09.2011, 13:03, "Hans Hübner" <hans at huebner.org>:
> I have made the suggested change for the cl-openid project. Please
> test whether things work. I will make the change for all other
> projects and the trac setup script once I've got your positive
> feedback.
>
> -Hans
>
> On Thu, Sep 8, 2011 at 10:32 AM, Anton Vodonosov <avodonosov at yandex.ru> wrote:
>
>> Yes. But there is also high probability that the web server will need
>> write access to the same files which are useful for project members
>> to have write access to.
>>
>> For example trac-admin needs write access to file system, and most likely
>> the admin web interface needs write access to the same files.
>>
>> Another idea: why not make www-data the user owner, and the project
>> group the group owner with write access?
>>
>> Best regards,
>> - Anton
>>
>> 08.09.2011, 09:52, "Hans Hübner" <hans.huebner at gmail.com>:
>>> Hi Anton,
>>>
>>> presumably, the trac directory has a different group because trac
>>> wants to store files in there (session information, uploads and the
>>> like). Maybe you can find out exactly what the web server needs to
>>> write to (i.e. use trac, see what files and directories change) and
>>> then chgrp those files that the web server needs no write access to.
>>> If you could share your findings, we can make that setup be part of
>>> the standard trac setup.
>>>
>>> Thanks!
>>> Hans
>>>
>>> On Thu, Sep 8, 2011 at 2:31 AM, Anton Vodonosov <avodonosov at yandex.ru> wrote:
>>>> Hello.
>>>>
>>>> As I see, all the file system content of project directories has the group owner named after the project name.
>>>> Except for the 'trac' subdirectory, which has group owner = 'www-data'.
>>>>
>>>> For example:
>>>>
>>>> # cd /project/cl-openid
>>>> # ls -l
>>>>
>>>> total 16
>>>> drwxrwsr-x 3 mpasternacki cl-openid 4096 Jun 5 04:55 cvsroot
>>>> lrwxrwxrwx 1 postfix cl-openid 30 Sep 24 2008 ftp -> /var/ftp/pub/project/cl-openid
>>>> drwxrwsr-x 4 mpasternacki cl-openid 4096 Aug 16 12:59 public_html
>>>> drwxrwsr-x 7 mpasternacki cl-openid 4096 May 5 2008 svn
>>>> drwxrwsr-x 10 mpasternacki www-data 4096 May 16 2008 trac
>>>>
>>>> In result, the project members other than the directory owner can't use trac-admin or
>>>> edit trac.ini.
>>>>
>>>> Is there a way to overcome this, other than every time assigning the user owner of the
>>>> 'trac' directory to the project member desiring to change the files?
>>>>
>>>> I assume we can't just change the group owner to cl-openid here, because www-data
>>>> needs write access to 'trac' directory (when the trac python code tries to save something
>>>> there).
>>>>
>>>> Best regards,
>>>> - Anton
>>>>
>>>> _______________________________________________
>>>> clo-devel mailing list
>>>> clo-devel at common-lisp.net
>>>> http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel
>>> _______________________________________________
>>> clo-devel mailing list
>>> clo-devel at common-lisp.net
>>> http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel
More information about the clo-devel
mailing list