bloodhound-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Ollos <ryan.ol...@wandisco.com>
Subject Re: Running Bloodhound via apache: 404
Date Tue, 17 Sep 2013 20:08:11 GMT
On Tue, Sep 17, 2013 at 12:24 PM, Jared Duncan <j@jdunk.com> wrote:

> Thanks Ryan, that input is helpful.  I'd be pretty shocked if it actually
> needed write permission in particular to most files/dirs (many of them libs
> and docs) from the highest root "bloodhound" level (parent of "installer")
> and down, though, so wondering if perhaps someone who has worked on the
> daemon might know.
>

At least for the environment directory, the user that the webserver runs
under must have write permission. See:
https://issues.apache.org/bloodhound/wiki/TracInstall#CreatingaProjectEnvironment

This make sense for `conf` because Trac/BH needs to write to `conf/trac.in`,
for `db` because Trac/BH needs to write to `db/bloodhound.db`, for `log`
....

You might be able to have `templates` and `htdocs` as read-only by the
webserver, and same for `plugins` provided that you won't be uploading eggs
through the Plugins Admin panel.

You are probably right that Trac/Bloodhound doesn't need write permission
to the python environment directories. On my Linux distro, if you were
running with the Python interpreter installed in /usr/local, the webserver
would only have read access to those files.

Someone what related, it was raised by at least one user on IRC some months
back that the Python virtual environment and Trac/Bloodhound environment
should probably not be installed inside of the source tree, and the steps
we have documented tell the user to put the environments inside of the
extracted source directory:
https://issues.apache.org/bloodhound/wiki/BloodhoundInstall#Installation

Alternatively, a structure that seems to be fairly common is:

/srv/site-name/python-virtualenv
/srv/site-name/bloodhound-env
/srv/site-name/bloodhound-src
/srv/site-name/www

Then, bloodhound-src can be deleted after install, and a newer version can
be extracted to that location when upgrading. Static resources are deployed
to www, and we can document the necessary permissions for each of these
directories in a simple way. I'll have to try it out to be sure, but I
think the webserver user will only need r-access to python-virtualenv and
www, and will need w-access to bloodhound-env.

Mime
View raw message