[ https://issues.apache.org/jira/browse/COUCHDB-2638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363508#comment-14363508 ]
Yuri commented on COUCHDB-2638:
-------------------------------

Ha, it may have existed for 8 years or so, but it apparently hasn't been really used much because such a critical bug (read-only file that is expected to be writeable) went unnoticed. No user account could be created. :-)

> CouchDB should not be writing /etc/couchdb/local.ini
> ----------------------------------------------------
>
> Key: COUCHDB-2638
> URL: https://issues.apache.org/jira/browse/COUCHDB-2638
> Project: CouchDB
> Issue Type: Bug
> Security Level: public (Regular issues)
> Reporter: Yuri
> Fix For: 2.0.0
>
>
> I am getting such messages in log on FreeBSD:
> > Could not write config file /usr/local/etc/couchdb/local.ini: permission denied
> The problem is that CouchDB supplies the original copy of local.ini, and it
> is treated as a template for this configuration file. It is placed into
> /usr/local/etc/couchdb/local.ini.sample, and its copy is placed into
> /usr/local/etc/couchdb/local.ini. Everything under /etc is what admin
> configures. Ideally admin can compare local.ini and local.ini.sample and see
> if anything in default configuration was modified compared to the suggested
> sample.
> When the executable itself modifies local.ini too, this makes it very
> confusing. Admin will be confused if he should or shouldn't touch this file.
> My suggestion is that CouchDB should copy local.ini under /var/db/, or
> somewhere else, and write it there. /etc isn't supposed to be writable by the
> process.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)