couchdb-dev mailing list archives

From Noah Slater <nsla...@apache.org>
Subject Re: svn commit: r1001283 - in /couchdb/trunk/etc/couchdb: Makefile.am default.ini.tpl.in
Date Wed, 29 Sep 2010 12:05:49 GMT

On 28 Sep 2010, at 18:28, Benoit Chesneau wrote:

> On Tue, Sep 28, 2010 at 6:49 PM, Noah Slater <nslater@apache.org> wrote:
>> 
>> On 28 Sep 2010, at 08:10, Benoit Chesneau wrote:
>> 
>>> About /var/run vs /var/lib, it's just that sometimes you give different
>>> privileges on these folders, giving the possibility to read one or not.
>>> This is not only a question of giving a "state". I'm actually thinking
>>> that we may want to have this info in a /tmp path where we generally
>>> save such info. Dbus does this, mysql does this for the socket
>>> (by default) ... /tmp is available for everyone. While /var/run is
>>> working for root apps, it doesn't for apps launched per user.
>> 
>> When you install CouchDB, you should configure the /var/run/couchdb directory to
>> be world readable and group/user writable. This keeps it secure, while allowing processes to
>> read from it. I believe this is documented in the README. I don't think the location of world
>> writable sockets is related.
> 
> You expect here there will be one couchdb. But you could have a
> couchdb per user. Then you need to distinguish each user. You could of
> course put all these users in /var/run, but this isn't something
> possible on all systems. You don't want /var/run world readable for
> some obvious security reasons.

Each CouchDB instance should be configured to use a separate directory:

/srv/username1/var/run/couchdb
/srv/username2/var/run/couchdb
/srv/username3/var/run/couchdb
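
The layout discussed in this thread, as an added example that is not part of the original message or of CouchDB's own tooling: it creates one run directory per instance under a base path and audits each for the permissions described above (world readable, user/group writable, not world writable). The function names, the `0o775` mode and the temporary base directory standing in for `/srv` are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# Assumed mode: rwxrwxr-x (user/group writable, world readable, not world writable)
RUN_DIR_MODE = 0o775


def make_run_dir(base, username):
    """Create <base>/<username>/var/run/couchdb, one directory per instance."""
    path = os.path.join(base, username, "var", "run", "couchdb")
    os.makedirs(path, exist_ok=True)
    os.chmod(path, RUN_DIR_MODE)  # explicit chmod: the makedirs mode is masked by umask
    return path


def audit_run_dir(path):
    """Return a list of findings; an empty list means the permissions match."""
    try:
        st = os.lstat(path)  # lstat so a symlink is not silently followed
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    world_rx = stat.S_IROTH | stat.S_IXOTH
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if (mode & world_rx) != world_rx:
        findings.append("not world-readable")
    if not (mode & stat.S_IWUSR):
        findings.append("not writable by owner")
    return findings


if __name__ == "__main__":
    # Constructed sample: a temporary directory stands in for /srv.
    with tempfile.TemporaryDirectory() as base:
        for user in ("username1", "username2", "username3"):
            run_dir = make_run_dir(base, user)
            print(run_dir, audit_run_dir(run_dir) or "ok")
```

The audit looks only at the final directory; the parent directories also need search permission for other users before the run directory is actually reachable.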
