Forum: Ruby on Rails RoR on CentOS 5, file permissions

Posted by Jussi Hirvi (Guest)
on 2013-03-15 14:17
(Received via mailing list)
I am learning RoR on CentOS 5. What would be the ideal way to set
permissions in the app folder? The rails default did not work for me.

I use git and apache/passenger. Everything works now that I
- added apache to the group git (by modifying /etc/group)
- did the following at the app root
   chown -R root:git *
   chmod -R 775 *

However, this is probably too wide.

It seems to me that somebody else is using the view templates besides
apache, because 770 gives an error. Or else Passenger does not respect the
fact that apache was added to the git group.
Posted by Jordon Bedwell (Guest)
on 2013-03-15 14:34
(Received via mailing list)
On Fri, Mar 15, 2013 at 7:41 AM, Jussi Hirvi <jushirvi@gmail.com> wrote:
>
> It seems to me that somebody else is using the view templates besides
> apache, because 770 gives an error. Or else Passenger does not respect the
> fact that apache was added to the git group.

Passenger runs as the user and group Apache runs as.  That said you
should not need to add the executable bit to any Ruby file unless it's
a bin file, Ruby is not PHP (actually that always kinda annoyed me
about PHP a bit :/..) That said, even if Apache was added to the git
group that does not mean that Apache will run with the git group since
Apache sets its user and group. Your best bet in that situation is to
set the group via configurations. I don't know how CentOS sets up
Apache so you'll have to grep that out.

On the permissions part, I would probably set it up as 640.
Posted by Jussi Hirvi (Guest)
on 2013-03-15 20:44
(Received via mailing list)
On Friday, March 15, 2013 3:33:39 PM UTC+2, Jordon Bedwell wrote:
>
> Passenger runs as the user and group Apache runs as.


I once got an error message which implied that the db dir should be
accessible to the user nobody:nobody - and my apache is set to run as
apache:apache.  I haven't tested this, though. As a temporary solution my
db directory is now world-writable.


> That said you
> should not need to add the executable bit to any Ruby file unless it's
> a bin file, Ruby is not PHP (actually that always kinda annoyed me
> about PHP a bit :/..)


I had the exec bit on only because of directory access. I was too lazy to
adjust separately for files and directories.


> That said, even if Apache was added to the git
> group that does not mean that Apache will run with the git group since
> Apache sets its user and group. Your best bet in that situation is to
> set the group via configurations. I don't know how CentOS sets up
> Apache so you'll have to grep that out.
>
> On the permissions part, I would probably set it up as 640.
>

Let's see... I switched the group assignments so that now git is a member
of apache group (and not vice versa). Both apache and git seem to work ok.

Also I made this bash script which I run now and then. So far I am good
with this. The permissions are not quite optimal, though. For example I
don't like world-writable directories.

# this file should be at the project root
myproj='.'
# basic settings
chgrp -R apache $myproj;
chmod -R 774    $myproj;
# project dir
chmod o+x       $myproj;
# subdirs and their contents
find $myproj/* -type d -exec chmod 2775 {} \;;
chmod -R 777 $myproj/db $myproj/tmp;
chmod 666    $myproj/log/*;

- Jussi
Posted by Frederick Cheung (Guest)
on 2013-03-15 21:00
(Received via mailing list)
On Friday, March 15, 2013 7:42:45 PM UTC, Jussi Hirvi wrote:
> apache:apache.  I haven't tested this, though. As a temporary solution my
> db directory is now world-writable.
>

You can configure which user your ruby code runs at. Whatever user that is
clearly needs read access to your app (and possibly write access to tmp)

Fred
Posted by Jussi Hirvi (Guest)
on 2013-03-16 18:54
(Received via mailing list)
On Friday, March 15, 2013 9:59:24 PM UTC+2, Frederick Cheung wrote:
>
> You can configure which user your ruby code runs at. Whatever user that is
> clearly needs read access to your app (and possibly write access to tmp)
>

I found a way to do this - using the Process::UID module.
http://ruby-doc.org/core-2.0/Process/UID.html

Where should I put this in my project? And would it be harmful to use the
"apache" user - same as Apache/Passenger? That would simplify setting the
permissions in the project directory.

BTW, why cannot I post in this group with Thunderbird? Those emails just
vanish and never get to the group. I can only post with browser, using
groups.google.com. Is this normal?

- Jussi
Posted by Colin Law (Guest)
on 2013-03-16 22:13
(Received via mailing list)
On 16 March 2013 17:53, Jussi Hirvi <jushirvi@gmail.com> wrote:
> ...
> BTW, why cannot I post in this group with Thunderbird? Those emails just
> vanish and never get to the group. I can only post with browser, using
> groups.google.com. Is this normal?

Is the email address you use with thunderbird the one you used to register with?

Colin
Posted by Jussi Hirvi (Guest)
on 2013-03-17 18:06
(Received via mailing list)
On Saturday, March 16, 2013 11:11:21 PM UTC+2, Colin Law wrote:
>
> Is the email address you use with thunderbird the one you used to register
> with?
>

Yes.
- Jussi
Posted by Frederick Cheung (Guest)
on 2013-03-17 19:48
(Received via mailing list)
On Saturday, March 16, 2013 5:53:14 PM UTC, Jussi Hirvi wrote:
> Where should i put this in my project? And would it be harmful to use the
> "apache" user - same as Apache/Passenger? That would simplify setting the
> permissions in the project directory.
>
>
You should just be able to set this in the virtual host configuration.

Fred
Posted by Jussi Hirvi (Guest)
on 2013-03-20 10:26
(Received via mailing list)
On Sunday, March 17, 2013 8:47:23 PM UTC+2, Frederick Cheung wrote:
>
> You should just be able to set this in the virtual host configuration.
>

Now I found a way to do this. I could add

PassengerDefaultUser apache

# (or whichever user you like except root)


to the virtual host block of the apache conf. I just tested this, and it
works.

But there is a more elegant way. All the necessary information is here:

http://www.modrails.com/documentation/Users%20guid...

In essence, you just need to change the owner of config/environment.rb.
This I did not test yet, though.

- Jussi
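
The permission scheme this thread converges on (640 for files, the execute bit only on launcher scripts, the app user's group instead of world-writable directories), as an added example that is not from any of the posters. The function names are hypothetical, and it assumes the app runs with the group passed in (apache in this thread) and only needs to write to db/, tmp/ and log/:

```shell
#!/bin/sh
# Added example: least-privilege modes for a Rails tree served by Passenger.
# Assumptions (not from the thread): the owner is the deploying user, GROUP is
# the group the app runs as, and the app only writes to db/, tmp/ and log/.
# Usage: harden_rails_tree /path/to/app apache

# Print every world-writable entry under a tree (symlink modes are ignored).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# harden_rails_tree ROOT GROUP
harden_rails_tree() {
    root=$1
    group=$2
    chgrp -R "$group" "$root" || return 1
    # Directories: owner rwx, group r-x, others nothing; setgid makes new
    # files inherit the group. Regular files: 640, no execute bit.
    find "$root" -type d -exec chmod 2750 {} + || return 1
    find "$root" -type f -exec chmod 0640 {} + || return 1
    # Launcher scripts are the only files that need the execute bit.
    for d in bin script; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f -exec chmod 0750 {} + || return 1
    done
    # Runtime-writable paths: group-writable rather than world-writable.
    for d in db tmp log; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type d -exec chmod 2770 {} + || return 1
        find "$root/$d" -type f -exec chmod 0660 {} + || return 1
    done
    return 0
}
```

Running `world_writable` before and after shows which paths were open to every local user; after `harden_rails_tree` it should print nothing.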