How to setup permissions on file system

Thu, 13 Oct 2011 13:35:31 -0700 

Hi !
I should ask a question about a very basic topic concerning permissions on
file system (in order to be compliant to "the standard way" of Invenio
installation).
We are testing Invenio dev version (from Git) on a amd64 debian6. (In P.S.:
the output of “inveniocfg –detect-system-details”).

Since in the INSTALL file instructions there's the command “sudo chown -R
www-data.www-data /opt/invenio”, we assume that:
- after that command we shall run everything under this user identity from
now on;
- and the Invenio default installation will run under the `www-data' user
process identity.
And we are also assuming that:
- for production purposes, Apache server is typically enabled to read all
files from the installation place but to write only in `var' subdirectory;
- and you could achieve this (for example) by configuring Unix directory
group permissions.

But, we're wondering if it's correct to have a production server with all
dir /opt/invenio under user www-data; and we are not sure to understand the
configuration you suggest for that.

Now we have this situation under /opt/invenio:

drwxr-xr-x  3 invenio  invenio  4096  5 ott 23.14 share
drwxr-xr-x  7 invenio  invenio  4096  5 ott 23.14 lib
drwxr-xr-x  2 invenio  invenio  4096  9 ott 16.57 bin
drwxr-xr-x 18 invenio  invenio  4096  9 ott 17.09 etc
drwxrwxr-x 10 www-data www-data 4096  9 ott 17.59 var

The user 'invenio' is the standard CLI user, and 'invenio' is also present
in the group 'www-data'.

Is this setup correct ?

Or do you prefer all under 'www-data' ?

Thank you for every feedback (..also a link to some documentation page)
Cheers!
Cristian

P.S.: details from “inveniocfg --detect-system-details” command (*some
character_set has to be fixed*)

* Invenio version: 1.0.0-rc0.577-5e55
* Python version: 2.6.6 (r266:84292, Dec 26 2010, 22:31:48)  [GCC 4.4.5]
* Apache version: Apache/2.2.16 (Debian) [/usr/sbin/apache2]
* MySQLdb version: 1.2.2
* MySQL version:
    - version: 5.1.49-3
    - character_set_client: utf8
    - character_set_connection: utf8
    - character_set_database: utf8
    - character_set_results: utf8
    - character_set_server: latin1
    - character_set_system: utf8
    - collation_connection: utf8_general_ci
    - collation_database: utf8_general_ci
    - collation_server: latin1_swedish_ci

Reply via email to