Adam Megacz wrote: > - It assumes that $USER/logs/apache exists, and that user.cgi has > wlid permissions on it. I have adjusted create-user to make sure > this is the case, but we may need to do it manually for users that > already exist. >
What's the reasoning behind 'user.cgi' instead of 'user'? Logs need not be related to dynamically-generated pages, so at the very least this seems like a small semantic mismatch. I see how it's good to use a principal that isn't allowed to trample a user's other stuff, and perhaps it's best to avoid creating a new one for this, but I'd just like to know if I missed some way in which this is related to dynamic content. > - It assumes that (local) /var/log/apache/u/us/user/ is: > > - owned by $USER > - grouped to www-data > - mode ug+rw > > It will change this if it is not the case while it is still root. > Please let me know if you think that this is accurate. I think we > can relax the group=www-data restriction because Apache opens > logfiles while it's still root, right? > That's right. Apache opens logs as root. _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
