Subject: Re: svn commit: r1001283 - in /couchdb/trunk/etc/couchdb: Makefile.am default.ini.tpl.in
From: Noah Slater
Date: Wed, 29 Sep 2010 13:05:49 +0100
To: dev@couchdb.apache.org
Message-Id: <1744573F-1AFD-43FF-9640-1925DFE244A5@apache.org>

On 28 Sep 2010, at 18:28, Benoit Chesneau wrote:

> On Tue, Sep 28, 2010 at 6:49 PM, Noah Slater wrote:
>>
>> On 28 Sep 2010, at 08:10, Benoit Chesneau wrote:
>>
>>> About /var/run vs /var/lib, it is just that sometimes you give different
>>> privileges on these folders, giving the possibility to read one or not.
>>> This is not only a question of giving a "state". I'm actually thinking
>>> that we may want to have this info in /tmp path where we generally save
>>> such info. Dbus does this, mysql does this for the socket
>>> (by default) ... /tmp is available for everyone. While /var/run is
>>> working for root apps, it doesn't for apps launched per user.
>>
>> When you install CouchDB, you should configure the /var/run/couchdb
>> directory to be world readable and group/user writable. This keeps it
>> secure, while allowing processes to read from it. I believe this is
>> documented in the README. I don't think the location of world writable
>> sockets is related.
>
> You expect here there will be one couchdb. But you could have a
> couchdb per user. Then you need to distinguish each user. You could of
> course put all these users in /var/run, but this isn't something
> possible on all systems. You don't want /var/run world readable for
> some obvious security reasons.

Each CouchDB instance should be configured to use a separate directory:

    /srv/username1/var/run/couchdb
    /srv/username2/var/run/couchdb
    /srv/username3/var/run/couchdb
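
The layout discussed in this message (one run directory per instance, world readable and group/user writable), sketched as an added example that is not part of the original e-mail or of CouchDB itself. The function names are hypothetical, and mode 0775 is an assumed reading of "world readable and group/user writable".

```shell
#!/bin/sh
# Added example: per-instance CouchDB run directories with a mode audit.
# Function names are hypothetical; 0775 is an assumed interpretation of
# "world readable and group/user writable".

# Create <base>/<instance>/var/run/couchdb and print its path.
# Mode 0775: user and group may write, others may only read and traverse.
make_run_dir() {
    run_dir="$1/$2/var/run/couchdb"
    mkdir -p "$run_dir" && chmod 0775 "$run_dir" && printf '%s\n' "$run_dir"
}

# Succeed only if the directory has every 0775 bit set and the
# world-write bit clear. A symlink is rejected because find does not
# follow it and symlink modes are normally 0777.
check_run_dir() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -maxdepth 0 -perm -0775 ! -perm -0002)" ]
}

# Print every per-instance run directory under <base> whose mode fails
# the check; return non-zero if any failed.
audit_run_dirs() {
    failed=0
    for d in "$1"/*/var/run/couchdb; do
        [ -e "$d" ] || continue
        if ! check_run_dir "$d"; then
            printf '%s\n' "$d"
            failed=1
        fi
    done
    return "$failed"
}
```

Ownership is not set here because `chown` to another account needs root; after `make_run_dir /srv username1`, the directory would still have to be handed to the user and group that run that instance.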