On Mon, 30 Jun 2008, Robin Norwood wrote:
Hi,
So I'm working to get amber packaged and deployable as a wsgi app so I
can run a demo on publictest10. I've made pretty fair progress getting
things up and running (on my local system first to make sure it works),
but I've run into an issue.
For the setup, I'm basically ripping off the way Ricky Zhou set up fas
wholesale. I have an amber.conf file in /etc/httpd/conf.d, which
refers to an amber.wsgi file. All of that seems to work fine. The
problem happens when I try to connect. I get a 500 error with the
following in httpd's error log:
Unable to write to session file /var/www/.fedora_session: [Errno 13]
Permission denied: '/var/www/.fedora_session'
Well, it turns out that this is because my app is using jsonfas, which
uses fedora.client.BaseClient. In fedora/client/__init__.py, I find:
SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session')
Which explains the error - my app is running under apache, and
while /var/www is apache's homedir, apache can't write to that
directory.
So, as anyone else worked around this with another turbogears app
running under wsgi and using jsonfas? Since turbogears and fas are
both pretty common, it seems likely that someone here has already dealt
with this.
Does your application prompt users for their username and password or does
it have one listed in the configs somewhere to access fas? I'm not
familiar with the .fedora_session format, does it store everyone's
sessions?
I'm asuming that if someone had access to it they'd be able to become
whoever was logged in at that time. Probably to other applications as
well. I'd like to hear Toshio's advice on this, I believe he's the
primary architect of how .fedora_session should behave
-Mike
___
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
