[symfony-users] Any good reason to execute symfony with sudo?
Hi, im wondering if is there any good reason to execute symfony with sudo. Javi -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
Re: [symfony-users] Any good reason to execute symfony with sudo?
not quite. Chown the sf_root folder to match your user and pass. Alecs On Thu, Jan 7, 2010 at 10:09 PM, Javier Garcia tirengar...@gmail.comwrote: Hi, im wondering if is there any good reason to execute symfony with sudo. Javi -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Have a nice day! Alecs As programmers create bigger better idiot proof programs, so the universe creates bigger better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
Re: [symfony-users] Any good reason to execute symfony with sudo?
I sometimes need to use sudo when clearing the cache or running fix-perms since apache usually runs as a different user than the owner of the directory. For the normal generator related stuff, no. On Jan 7, 2010, at 3:40 PM, Alexandru-Emil Lupu wrote: not quite. Chown the sf_root folder to match your user and pass. Alecs On Thu, Jan 7, 2010 at 10:09 PM, Javier Garcia tirengar...@gmail.com wrote: Hi, im wondering if is there any good reason to execute symfony with sudo. Javi -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Have a nice day! Alecs As programmers create bigger better idiot proof programs, so the universe creates bigger better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Jacob Coby -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
Re: [symfony-users] Any good reason to execute symfony with sudo?
you can put yourself in www-data group ... :) On Thu, Jan 7, 2010 at 10:47 PM, Jacob Coby jc...@portallabs.com wrote: I sometimes need to use sudo when clearing the cache or running fix-perms since apache usually runs as a different user than the owner of the directory. For the normal generator related stuff, no. On Jan 7, 2010, at 3:40 PM, Alexandru-Emil Lupu wrote: not quite. Chown the sf_root folder to match your user and pass. Alecs On Thu, Jan 7, 2010 at 10:09 PM, Javier Garcia tirengar...@gmail.com wrote: Hi, im wondering if is there any good reason to execute symfony with sudo. Javi -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Have a nice day! Alecs As programmers create bigger better idiot proof programs, so the universe creates bigger better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Jacob Coby -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Have a nice day! Alecs As programmers create bigger better idiot proof programs, so the universe creates bigger better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
Re: [symfony-users] Any good reason to execute symfony with sudo?
Apache and Php needs write right to cache dir, this is why it is chmod'ed 777 using project:permissions task. You probably want apache and php read rights to read .php and other stuff, and need them write rights for cache and other dynamic-related folders (upload, etc). Before Printing, Think about Your Environmental Responsibility! Avant d'Imprimer, Pensez à Votre Responsabilitée Environnementale! On Thu, Jan 7, 2010 at 9:47 PM, Jacob Coby jc...@portallabs.com wrote: I sometimes need to use sudo when clearing the cache or running fix-perms since apache usually runs as a different user than the owner of the directory. For the normal generator related stuff, no. On Jan 7, 2010, at 3:40 PM, Alexandru-Emil Lupu wrote: not quite. Chown the sf_root folder to match your user and pass. Alecs On Thu, Jan 7, 2010 at 10:09 PM, Javier Garcia tirengar...@gmail.com wrote: Hi, im wondering if is there any good reason to execute symfony with sudo. Javi -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Have a nice day! Alecs As programmers create bigger better idiot proof programs, so the universe creates bigger better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Jacob Coby -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
Re: [symfony-users] Any good reason to execute symfony with sudo?
I would only give write permissions by the user running php (most of the times www-data) to cache, log and the upload directory. All else should be read only and preferable have another user, like the deployer (nathan in my case). Also it's considered very bad practice to give a file/directory 777 permissions, most of the time it's sufficient to chgrp the needed files and do chmod g+rw. Nathan -- nathan @ http://twitter.com/nathan_gs nathan.gs http://nathan.gs/?utm_source=mailing-listutm_medium=emailutm_campaign=blog On Thu, Jan 7, 2010 at 10:32 PM, Stéphane stephane.er...@gmail.com wrote: Apache and Php needs write right to cache dir, this is why it is chmod'ed 777 using project:permissions task. You probably want apache and php read rights to read .php and other stuff, and need them write rights for cache and other dynamic-related folders (upload, etc). Before Printing, Think about Your Environmental Responsibility! Avant d'Imprimer, Pensez à Votre Responsabilitée Environnementale! On Thu, Jan 7, 2010 at 9:47 PM, Jacob Coby jc...@portallabs.com wrote: I sometimes need to use sudo when clearing the cache or running fix-perms since apache usually runs as a different user than the owner of the directory. For the normal generator related stuff, no. On Jan 7, 2010, at 3:40 PM, Alexandru-Emil Lupu wrote: not quite. Chown the sf_root folder to match your user and pass. Alecs On Thu, Jan 7, 2010 at 10:09 PM, Javier Garcia tirengar...@gmail.com wrote: Hi, im wondering if is there any good reason to execute symfony with sudo. Javi -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Have a nice day! Alecs As programmers create bigger better idiot proof programs, so the universe creates bigger better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Jacob Coby -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.comsymfony-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
Re: [symfony-users] Any good reason to execute symfony with sudo?
What Nathan said. Unless your Symfony app is using backtick, passthru, exec or similar operators to execute shell commands (that MUST be run by root [is there any?]) then you shouldn't run Symfony as root or via sudo. It's simply bad practice, and introduces many more attack vectors to exploit. Everything that needs to be done regarding permissions to cache, log, tmp etc dirs can be configured by a competent sysadmin so that you don't need special or elevated permissions. Regarding what Nathan says about the deployer - I usually go as far as having a read-only SVN user named checkout which is used in combination with a certificate, so that checkouts can be made as that user, passwordless, to the deployment target. If necessary regular users can perform checkouts and updates on the live platform simply by switching users to checkout user. On 7 Jan 2010, at 22:05, Nathan wrote: I would only give write permissions by the user running php (most of the times www-data) to cache, log and the upload directory. All else should be read only and preferable have another user, like the deployer (nathan in my case). Also it's considered very bad practice to give a file/directory 777 permissions, most of the time it's sufficient to chgrp the needed files and do chmod g+rw. Nathan -- nathan @ nathan.gs On Thu, Jan 7, 2010 at 10:32 PM, Stéphane stephane.er...@gmail.com wrote: Apache and Php needs write right to cache dir, this is why it is chmod'ed 777 using project:permissions task. You probably want apache and php read rights to read .php and other stuff, and need them write rights for cache and other dynamic-related folders (upload, etc). Before Printing, Think about Your Environmental Responsibility! Avant d'Imprimer, Pensez à Votre Responsabilitée Environnementale! On Thu, Jan 7, 2010 at 9:47 PM, Jacob Coby jc...@portallabs.com wrote: I sometimes need to use sudo when clearing the cache or running fix-perms since apache usually runs as a different user than the owner of the directory. For the normal generator related stuff, no. On Jan 7, 2010, at 3:40 PM, Alexandru-Emil Lupu wrote: not quite. Chown the sf_root folder to match your user and pass. Alecs On Thu, Jan 7, 2010 at 10:09 PM, Javier Garcia tirengar...@gmail.com wrote: Hi, im wondering if is there any good reason to execute symfony with sudo. Javi -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Have a nice day! Alecs As programmers create bigger better idiot proof programs, so the universe creates bigger better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- Jacob Coby -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en. -- You received this message because you are subscribed to the Google Groups symfony users group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.