Ah, well I guess that's not as bad as I feared. Didn't realise you could lock down sudo access to a specific account that isn't root.
I guess what I would have done is have a service of some sort (possibly hand-crafted in Ruby) running with the Sphinx user, and when it's informed (however that may be - perhaps a process signal, perhaps a socket connection, perhaps touching a given file), it'll run the indexing. Thus no need for sudo setup, and you have the clear avenue for communication from one user/process to the other. Granted, it's probably a little bit of work, and you've got something that functions fine, so stick with it :) -- Pat On 07/06/2012, at 4:30 PM, Nate Vack wrote: > On Thursday, June 7, 2012 3:49:10 AM UTC-5, Pat Allan wrote: > Though I'm not a fan of the sudo access… granted, it would be nice to have > Sphinx running as its own user, though that's certainly a complication that > TS doesn't allow for. > > > What about the sudo access do you dislike? > > I'm not allowing my app user to sudo root; it's limited to the sphinxsearch > user. With a little(!) more work, I could limit it further, so it only has > access to run /usr/bin/indexer. Doesn't seem any worse than just running > searchd as my web user. > > -n > > -- > You received this message because you are subscribed to the Google Groups > "Thinking Sphinx" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/thinking-sphinx/-/sC-jd6nlyekJ. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/thinking-sphinx?hl=en. -- You received this message because you are subscribed to the Google Groups "Thinking Sphinx" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/thinking-sphinx?hl=en.
