I have made the suggested change for the cl-openid project. Please test whether things work. I will make the change for all other projects and the trac setup script once I've got your positive feedback.
-Hans
On Thu, Sep 8, 2011 at 10:32 AM, Anton Vodonosov avodonosov@yandex.ru wrote:
Yes. But there is also high probability that the web server will need write access to the same files which are useful for project members to have write access to.
For example trac-admin needs write access to file system, and most likely the admin web interface needs write access to the same files.
Another idea: why not make www-data the user owner, and the project group the group owner with write access?
Best regards,
- Anton
08.09.2011, 09:52, "Hans Hübner" hans.huebner@gmail.com:
Hi Anton,
presumably, the trac directory has a different group because trac wants to store files in there (session information, uploads and the like). Maybe you can find out exactly what the web server needs to write to (i.e. use trac, see what files and directories change) and then chgrp those files that the web server needs no write access to. If you could share your findings, we can make that setup be part of the standard trac setup.
Thanks! Hans
On Thu, Sep 8, 2011 at 2:31 AM, Anton Vodonosov avodonosov@yandex.ru wrote:
Hello.
As I see, all the file system content of project directories has the group owner named after the project name. Except for the 'trac' subdirectory, which has group owner = 'www-data'.
For example:
# cd /project/cl-openid # ls -l
total 16 drwxrwsr-x 3 mpasternacki cl-openid 4096 Jun 5 04:55 cvsroot lrwxrwxrwx 1 postfix cl-openid 30 Sep 24 2008 ftp -> /var/ftp/pub/project/cl-openid drwxrwsr-x 4 mpasternacki cl-openid 4096 Aug 16 12:59 public_html drwxrwsr-x 7 mpasternacki cl-openid 4096 May 5 2008 svn drwxrwsr-x 10 mpasternacki www-data 4096 May 16 2008 trac
In result, the project members other than the directory owner can't use trac-admin or edit trac.ini.
Is there a way to overcome this, other than every time assigning the user owner of the 'trac' directory to the project member desiring to change the files?
I assume we can't just change the group owner to cl-openid here, because www-data needs write access to 'trac' directory (when the trac python code tries to save something there).
Best regards, - Anton
_______________________________________________ clo-devel mailing list clo-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel
clo-devel mailing list clo-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/clo-devel