Re: Advice on deploying wsgi app using jsonfas
On Mon, 30 Jun 2008 17:18:04 -0400 Robin Norwood <[EMAIL PROTECTED]> wrote: > Unable to write to session file /var/www/.fedora_session: [Errno 13] > Permission denied: '/var/www/.fedora_session' Ok, I think I figured this out a bit more. When Toshio gave me code to do the FAS stuff, he included a class called 'UserCache'. Setting this up is what was triggering the creation of the evil .fedora_session file. Just getting rid of the code that sets up the cache seems to be enough to get me working again, and users can still log in. I'm not sure what the performance implications are, but I can discuss with Toshio when he gets back. -RN -- Robin Norwood Red Hat, Inc. "The Sage does nothing, yet nothing remains undone." -Lao Tzu, Te Tao Ching ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Advice on deploying wsgi app using jsonfas
On Mon, 30 Jun 2008 16:34:27 -0500 (CDT)
Mike McGrath <[EMAIL PROTECTED]> wrote:
> On Mon, 30 Jun 2008, Robin Norwood wrote:
>
> > Hi,
> >
> > So I'm working to get amber packaged and deployable as a wsgi app
> > so I can run a demo on publictest10. I've made pretty fair
> > progress getting things up and running (on my local system first to
> > make sure it works), but I've run into an issue.
> >
> > For the setup, I'm basically ripping off the way Ricky Zhou set up
> > fas wholesale. I have an amber.conf file in /etc/httpd/conf.d,
> > which refers to an amber.wsgi file. All of that seems to work
> > fine. The problem happens when I try to connect. I get a 500
> > error with the following in httpd's error log:
> >
> > Unable to write to session file /var/www/.fedora_session: [Errno 13]
> > Permission denied: '/var/www/.fedora_session'
> >
> > Well, it turns out that this is because my app is using jsonfas,
> > which uses fedora.client.BaseClient. In fedora/client/__init__.py,
> > I find:
> >
> > SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session')
> >
> > Which explains the error - my app is running under apache, and
> > while /var/www is apache's homedir, apache can't write to that
> > directory.
> >
> > So, as anyone else worked around this with another turbogears app
> > running under wsgi and using jsonfas? Since turbogears and fas are
> > both pretty common, it seems likely that someone here has already
> > dealt with this.
>
> Does your application prompt users for their username and password or
> does it have one listed in the configs somewhere to access fas? I'm
> not familiar with the .fedora_session format, does it store everyone's
> sessions?
I believe it does. The way it seems to work is that I specify a user
to connect to FAS in the config - this gets me a fas session. Then,
the user enters a username/password from the web form, and jsonfas
'does magic' to authenticate the user.
> I'm asuming that if someone had access to it they'd be able to become
> whoever was logged in at that time. Probably to other applications as
> well. I'd like to hear Toshio's advice on this, I believe he's the
> primary architect of how .fedora_session should behave
Yeah, Toshio is the one who set this up to begin with. I don't know if
he's ever used this sort of setup under wsgi/httpd, though.
-RN
--
Robin Norwood
Red Hat, Inc.
"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching
___
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Advice on deploying wsgi app using jsonfas
On Mon, 30 Jun 2008, Robin Norwood wrote:
> Hi,
>
> So I'm working to get amber packaged and deployable as a wsgi app so I
> can run a demo on publictest10. I've made pretty fair progress getting
> things up and running (on my local system first to make sure it works),
> but I've run into an issue.
>
> For the setup, I'm basically ripping off the way Ricky Zhou set up fas
> wholesale. I have an amber.conf file in /etc/httpd/conf.d, which
> refers to an amber.wsgi file. All of that seems to work fine. The
> problem happens when I try to connect. I get a 500 error with the
> following in httpd's error log:
>
> Unable to write to session file /var/www/.fedora_session: [Errno 13]
> Permission denied: '/var/www/.fedora_session'
>
> Well, it turns out that this is because my app is using jsonfas, which
> uses fedora.client.BaseClient. In fedora/client/__init__.py, I find:
>
> SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session')
>
> Which explains the error - my app is running under apache, and
> while /var/www is apache's homedir, apache can't write to that
> directory.
>
> So, as anyone else worked around this with another turbogears app
> running under wsgi and using jsonfas? Since turbogears and fas are
> both pretty common, it seems likely that someone here has already dealt
> with this.
Does your application prompt users for their username and password or does
it have one listed in the configs somewhere to access fas? I'm not
familiar with the .fedora_session format, does it store everyone's
sessions?
I'm asuming that if someone had access to it they'd be able to become
whoever was logged in at that time. Probably to other applications as
well. I'd like to hear Toshio's advice on this, I believe he's the
primary architect of how .fedora_session should behave
-Mike
___
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Advice on deploying wsgi app using jsonfas
Hi,
So I'm working to get amber packaged and deployable as a wsgi app so I
can run a demo on publictest10. I've made pretty fair progress getting
things up and running (on my local system first to make sure it works),
but I've run into an issue.
For the setup, I'm basically ripping off the way Ricky Zhou set up fas
wholesale. I have an amber.conf file in /etc/httpd/conf.d, which
refers to an amber.wsgi file. All of that seems to work fine. The
problem happens when I try to connect. I get a 500 error with the
following in httpd's error log:
Unable to write to session file /var/www/.fedora_session: [Errno 13]
Permission denied: '/var/www/.fedora_session'
Well, it turns out that this is because my app is using jsonfas, which
uses fedora.client.BaseClient. In fedora/client/__init__.py, I find:
SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session')
Which explains the error - my app is running under apache, and
while /var/www is apache's homedir, apache can't write to that
directory.
So, as anyone else worked around this with another turbogears app
running under wsgi and using jsonfas? Since turbogears and fas are
both pretty common, it seems likely that someone here has already dealt
with this.
Thanks,
-RN
--
Robin Norwood
Red Hat, Inc.
"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching
___
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
