On Fri, Sep 2, 2011 at 1:48 PM, Koen Deforche <[email protected]> wrote:
> Hey Pau,
>
> 2011/9/1 Pau Garcia i Quiles <[email protected]>:
>> Case 1: wthttp webapp
>> =================
>
> Actually, /var/run/wt is not needed (or used) for deployments using
> wthttp. It is only used for wtfcgi.

Good to know!

> But an init script is of course useful!
>
> Although if you run the wt application as root, we probably should be
> implementing the procedure of releasing superuser permissions as soon
> as we have started listening on the privileged ports (80, 443).

Init scripts switch the user from root to whatever they want. For
Debian derivatives, the proper user and group for Wt apps would be
www-data.


> In case of running behind a reverse proxy (the more common case, I
> think), I would always recommend to run as a normal unprivileged user.

I agree. The init script starts the Wt app as the unprivileged user
(www-data for Debian/Ubuntu), Apache/lighttpd/cherokee/whatever does
the forwarding.



>> Case 2: wtfcgi webapp
>> =================
>>
>> In this case, there is no init script: the app is run directly by the
>> HTTP server. And frankly, I cannot think of a good solution:
>
> There is actually a way to start and stop FastCGI applications
> independently from the FastCGI server, using a tool that is
> distributed with FastCGI. Perhaps this is what we should recommend
> then as an init-script procedure?
>
> See: 
> http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html#FastCgiExternalServer
> and the mention of the 'cgi-fcgi' tool.

The problem remains the same: cgi-fcgi, or whatever wrapper you write
to start the wtfcgi app, is started by the HTTP server user, which has
no privileges to create a directory under /var/run.

-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
