couchdb-dev mailing list archives

From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: svn commit: r1001283 - in /couchdb/trunk/etc/couchdb: Makefile.am default.ini.tpl.in
Date Wed, 29 Sep 2010 12:54:20 GMT
On Wed, Sep 29, 2010 at 2:05 PM, Noah Slater <nslater@apache.org> wrote:
>
> On 28 Sep 2010, at 18:28, Benoit Chesneau wrote:
>
>> On Tue, Sep 28, 2010 at 6:49 PM, Noah Slater <nslater@apache.org> wrote:
>>>
>>> On 28 Sep 2010, at 08:10, Benoit Chesneau wrote:
>>>
>>>> About /var/run vs /var/lib, it's just that sometimes you give different
>>>> privileges on these folders, giving the possibility to read one or not.
>>>> This is not only a question of giving a "state". I'm actually thinking
>>>> that we may want to have this info in a /tmp path where we generally
>>>> save such info. Dbus does this, mysql does this for the socket
>>>> (by default) ... /tmp is available for everyone. While /var/run
>>>> works for root apps, it doesn't for apps launched per user.
>>>
>>> When you install CouchDB, you should configure the /var/run/couchdb
>>> directory to be world readable and group/user writable. This keeps it
>>> secure, while allowing processes to read from it. I believe this is
>>> documented in the README. I don't think the location of world writable
>>> sockets is related.
>>
>> You expect here there will be one couchdb. But you could have a
>> couchdb per user. Then you need to distinguish each user. You could of
>> course put all these users in /var/run, but this isn't something
>> possible on all systems. You don't want /var/run world readable for
>> some obvious security reasons.
>
> Each CouchDB instance should be configured to use a separate directory:
>
> /srv/username1/var/run/couchdb
> /srv/username2/var/run/couchdb
> /srv/username3/var/run/couchdb
>
>

/srv is a Linux thing. Please don't assume every system uses the same rules.

- benoît
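
The following is an added example, not part of the original message or of CouchDB: a POSIX shell sketch that creates one run directory per instance under a caller-supplied base (so no `/srv` or other system-specific prefix is assumed) and checks the "world readable, group/user writable" mode quoted above. The function names `make_run_dir` and `check_run_dir` and the `BASE/INSTANCE/var/run/couchdb` layout are assumptions; the mode is read from `ls -ld` rather than `stat`, whose flags differ between GNU and BSD systems.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not CouchDB's own scripts.

# make_run_dir BASE INSTANCE
# Creates BASE/INSTANCE/var/run/couchdb and sets it to 0775
# (owner and group writable, world readable, not world writable).
make_run_dir() {
    dir="$1/$2/var/run/couchdb"
    mkdir -p -- "$dir" && chmod 0775 "$dir" && printf '%s\n' "$dir"
}

# check_run_dir DIR
# Returns 0 if DIR is a real directory with the expected mode,
# 1 if it is missing or a symlink, 2 if it is world writable,
# 3 for any other unexpected mode.
check_run_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || {
        echo "not a real directory: $1" >&2
        return 1
    }
    # First 10 characters of ls -ld are the type and permission bits;
    # cutting there drops any ACL marker some systems append.
    mode=$(LC_ALL=C ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        d???????w?)
            echo "world writable: $1 ($mode)" >&2
            return 2 ;;
    esac
    case "$mode" in
        drwxrw[xs]r-x)      # setgid on the directory is tolerated
            return 0 ;;
        *)
            echo "unexpected mode: $1 ($mode)" >&2
            return 3 ;;
    esac
}

# Demo on a constructed temporary tree; no real CouchDB paths are touched.
base=$(mktemp -d)
run=$(make_run_dir "$base" username1)
check_run_dir "$run" && echo "ok: $run"
chmod 0777 "$run"
check_run_dir "$run" || echo "rejected with status $?"
rm -rf "$base"
```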
