cppcms-users

[Cppcms-users] Apache2/FCgi external server: socket ownership problems

[augustin <aug...@ov...>]

Hello,

I recently finally managed to set up Apache2 with FastCGI, start by the web 
server:
http://art-blog.no-
ip.info/wikipp/en/page/cppcms_1x_tut_web_server_config#Apache..FastCGI..Start.by.Web.Server

I documented the solution to some problems I came across :
http://art-blog.no-
ip.info/wikipp/en/page/cppcms_1x_server_configuration_troubleshooting


Now, I am trying to configure Apache, FastCGI, Independent start for easier 
development.
It's working, but FastCGI has a socket permission problem:
When I start the application, the socket has only write access for my user 
(me) but not for the web server user www-data.
I can fix this easily by chmod a+w the socket.
Is there any way to configure the socket (or config.js) so that by default the 
www-data user has write access to it?


Augustin.




-- 
Friends: http://www.reuniting.info/ http://activistsolutions.org/
My projects:
http://astralcity.org/ http://3enjeux.overshoot.tv/ http://linux.overshoot.tv/ 
http://overshoot.tv/ http://charityware.info/ http://masquilier.org/
http://openteacher.info/ http://minguo.info/ 
http://www.wechange.org/ http://searching911.info/












.

Re: [Cppcms-users] Apache2/FCgi external server: socket ownership problems

[Artyom <art...@ya...>]

Hi,

You likely need to run the Apache and CppCMS under same group,
This is very good idea for security reasons.

Now setting the socket to a+w is bad... If you really
want to do this (which I do not suggest)

Put at the main() of your progam 

   umask(0777)

If you can't run them in same group: use TCP/IP sockets.

Artyom




----- Original Message ----
> From: augustin <aug...@ov...>
> To: cpp...@li...
> Sent: Tue, January 11, 2011 5:43:42 AM
> Subject: [Cppcms-users] Apache2/FCgi external server: socket ownership 
problems
> 
> 
> Hello,
> 
> I recently finally managed to set up Apache2 with FastCGI,  start by the web 
> server:
> http://art-blog.no-
>ip.info/wikipp/en/page/cppcms_1x_tut_web_server_config#Apache..FastCGI..Start.by.Web.Server
>r
> 
> I  documented the solution to some problems I came across :
> http://art-blog.no-
> ip.info/wikipp/en/page/cppcms_1x_server_configuration_troubleshooting
> 
> 
> Now,  I am trying to configure Apache, FastCGI, Independent start for easier 
> development.
> It's working, but FastCGI has a socket permission  problem:
> When I start the application, the socket has only write access for  my user 
> (me) but not for the web server user www-data.
> I can fix this  easily by chmod a+w the socket.
> Is there any way to configure the socket (or  config.js) so that by default the 
>
> www-data user has write access to  it?
> 
> 
> Augustin.
> 
> 
> 
> 
> -- 
> Friends:  http://www.reuniting.info/ http://activistsolutions.org/
> My  projects:
> http://astralcity.org/ http://3enjeux.overshoot.tv/  http://linux.overshoot.tv/ 
>
> http://overshoot.tv/ http://charityware.info/  http://masquilier.org/
> http://openteacher.info/ http://minguo.info/ 
> http://www.wechange.org/  http://searching911.info/
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> .
> 
> ------------------------------------------------------------------------------
> Gaining  the trust of online customers is vital for the success of any company
> that  requires sensitive data to be transmitted over the Web.   Learn how to 
> best implement a security strategy that keeps consumers' information secure 
> and instills the confidence they need to proceed with  transactions.
> http://p.sf.net/sfu/oracle-sfdevnl 
> _______________________________________________
> Cppcms-users mailing  list
> Cpp...@li...
> https://lists.sourceforge.net/lists/listinfo/cppcms-users
> 


      

Re: [Cppcms-users] Apache2/FCgi external server: socket ownership problems

[augustin <aug...@ov...>]

On Tuesday 11 January 2011 04:14:39 pm Artyom wrote:
> You likely need to run the Apache and CppCMS under same group,
> This is very good idea for security reasons.
> 
> Now setting the socket to a+w is bad... If you really
> want to do this (which I do not suggest)
> 
> Put at the main() of your progam 
> 
>    umask(0777)
> 

I understand the security implications.
I was simply looking for something convenient, to use locally on my 
development platform.

The problem is, on a Debian system, apache runs as www-data, 
and even if my app has the group www-data, the group does not have write 
access to the socket, so I still need to sudo to fix it after each compile and 
restart: I was trying to find a way to lazy my way out of this ;)

Never mind about this. I'll find an acceptable solution, both convenient and 
secure.

Thanks.

A.






-- 
Friends: http://www.reuniting.info/ http://activistsolutions.org/
My projects:
http://astralcity.org/ http://3enjeux.overshoot.tv/ http://linux.overshoot.tv/ 
http://overshoot.tv/ http://charityware.info/ http://masquilier.org/
http://openteacher.info/ http://minguo.info/ 
http://www.wechange.org/ http://searching911.info/












.

Re: [Cppcms-users] Apache2/FCgi external server: socket ownership problems

[Artyom <art...@ya...>]

> 
> I understand the security implications.
> I was simply looking for  something convenient, to use locally on my 
> development platform.
> 

See cppcms_run script documentation:

  http://art-blog.no-ip.info/wikipp/en/page/ref_utils#run

It is little bit not updated but you only need to replace -c config.txt with -c 
config.js 

It is very useful for debugging with specific web server.

Artyom