Thread: [openupload-devel] permissions on templates_c
Status: Beta
Brought to you by:
tsdogs
Menu
▾
▴
openupload-devel
|
From: Bob M. <bo...@co...> - 2012-06-19 18:20:24
|
Greetings, I have set up openupload as a multisite installation on a server that uses mpm-itk. In case you are not familiar, mpm-itk is an apache2 package that changes uid of the web server based on the URL it is serving, so that each site can be owned by an individual user. Similar to suexec, and others I am sure. The problem I am encountering is with making the templates_c directory writable by the web server. Since the web server has a different uid depending on the site it is serving, owning the templates_c directory to the web server denies access to the directory. This creates a situation where I need to either make the templates_c directory world writable (undesirable on several levels), or I need to add each site's uid to a group and grant that group write access to templates_c (better, but administratively burdensome). Both of these ideas tested as working on a sandbox server, but I am searching for better options for production use. If the world was aligned to my desires, I would be able to have a separate templates_c directory for each site on the server that I could keep with each site's data and www directory. So far no amount of experimenting or googling has led me to a method where this can be accomplished, and I am not so good with code that I have been able to decipher where or how I might implement that. So the questions would be: is it possible to have a separate templates_c directory for each site? If there is any documentation, I haven't found it, a pointer would be kindly appreciated. And, assuming I cannot have a separate templates_c directory for each site, can anyone suggest a cleaner way to allow all sites write access to the templates_c directory? Thank you... -- Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca bo...@co... Network, Internet, Server, and Open Source Solutions |
|
From: Alessandro B. <ts...@br...> - 2012-06-19 18:28:32
|
Il 19.06.2012 19:53 Bob Miller ha scritto: > Greetings, > > I have set up openupload as a multisite installation on a server that > uses mpm-itk. In case you are not familiar, mpm-itk is an apache2 > package that changes uid of the web server based on the URL it is > serving, so that each site can be owned by an individual user. > Similar > to suexec, and others I am sure. > > The problem I am encountering is with making the templates_c > directory > writable by the web server. Since the web server has a different uid > depending on the site it is serving, owning the templates_c directory > to > the web server denies access to the directory. > > This creates a situation where I need to either make the templates_c > directory world writable (undesirable on several levels), or I need > to > add each site's uid to a group and grant that group write access to > templates_c (better, but administratively burdensome). Both of these > ideas tested as working on a sandbox server, but I am searching for > better options for production use. > > If the world was aligned to my desires, I would be able to have a > separate templates_c directory for each site on the server that I > could > keep with each site's data and www directory. So far no amount of > experimenting or googling has led me to a method where this can be > accomplished, and I am not so good with code that I have been able to > decipher where or how I might implement that. > > So the questions would be: is it possible to have a separate > templates_c > directory for each site? If there is any documentation, I haven't > found > it, a pointer would be kindly appreciated. And, assuming I cannot > have > a separate templates_c directory for each site, can anyone suggest a > cleaner way to allow all sites write access to the templates_c > directory? > Yes it's possible and it's even already available (not documented though). Use the $CONFIG['SMARTY_DATA'] variable. For more information look at the lib/base.inc.php Alessandro |
|
From: Bob M. <bo...@co...> - 2012-06-19 20:30:26
|
Alessandro:
Thank you for your reply
> > So the questions would be: is it possible to have a separate
> > templates_c
> > directory for each site? If there is any documentation, I haven't
> > found
> > it, a pointer would be kindly appreciated. And, assuming I cannot
> > have
> > a separate templates_c directory for each site, can anyone suggest a
> > cleaner way to allow all sites write access to the templates_c
> > directory?
> >
>
> Yes it's possible and it's even already available (not documented
> though).
> Use the $CONFIG['SMARTY_DATA'] variable.
>
> For more information look at the lib/base.inc.php
>
> Alessandro
I found the config['SMARTY_DATA'] variable in lib/main.inc.php. I think
that was the pointer I was looking for, thank you :)
I have one follow up question if I may regarding this snippet of code:
if (isset($this->config['SMARTY_DATA'])) {
$this->tpl->compile_dir =
$this->config['SMARTY_DATA'].'/templates_c/';
$this->tpl->cache_dir = $this->config['SMARTY_DATA'].'/cache';
I do not find a cache directory in the expected location as I do a
templates_c directory. Is that directory necessary and should I be
creating it?
Either way, presumably what I am doing is correct since everything so
far appears to be working. For the benefit of others trying to puzzle
out a layman's interpretation of this:
edit the config file in the www folder of each site, and add the
following line (I put mine right above the INSTALL_ROOT variable):
$CONFIG['SMARTY_DATA'] = '/path/to/folder/where/templates_c/lives';
then put your templates_c folder in that directory.
thanks again Alessandro
--
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca
bo...@co...
Network, Internet, Server,
and Open Source Solutions
|
|
From: gmartin <gm...@gm...> - 2012-06-19 19:16:04
|
I'm confused. Does each of your sites have its own /www & config.inc.php? If so, wouldn't separate $CONFIG['DATA_PATH'] paths take care to separate the data & templates_c directories? \\Greg On Tue, Jun 19, 2012 at 2:28 PM, Alessandro Briosi <ts...@br...>wrote: > Il 19.06.2012 19:53 Bob Miller ha scritto: > > Greetings, > > > > I have set up openupload as a multisite installation on a server that > > uses mpm-itk. In case you are not familiar, mpm-itk is an apache2 > > package that changes uid of the web server based on the URL it is > > serving, so that each site can be owned by an individual user. > > Similar > > to suexec, and others I am sure. > > > > The problem I am encountering is with making the templates_c > > directory > > writable by the web server. Since the web server has a different uid > > depending on the site it is serving, owning the templates_c directory > > to > > the web server denies access to the directory. > > > > This creates a situation where I need to either make the templates_c > > directory world writable (undesirable on several levels), or I need > > to > > add each site's uid to a group and grant that group write access to > > templates_c (better, but administratively burdensome). Both of these > > ideas tested as working on a sandbox server, but I am searching for > > better options for production use. > > > > If the world was aligned to my desires, I would be able to have a > > separate templates_c directory for each site on the server that I > > could > > keep with each site's data and www directory. So far no amount of > > experimenting or googling has led me to a method where this can be > > accomplished, and I am not so good with code that I have been able to > > decipher where or how I might implement that. > > > > So the questions would be: is it possible to have a separate > > templates_c > > directory for each site? If there is any documentation, I haven't > > found > > it, a pointer would be kindly appreciated. And, assuming I cannot > > have > > a separate templates_c directory for each site, can anyone suggest a > > cleaner way to allow all sites write access to the templates_c > > directory? > > > > Yes it's possible and it's even already available (not documented > though). > Use the $CONFIG['SMARTY_DATA'] variable. > > For more information look at the lib/base.inc.php > > Alessandro > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel > |
|
From: Bob M. <bo...@co...> - 2012-06-19 20:40:19
|
Hi Greg, On Tue, 2012-06-19 at 15:15 -0400, gmartin wrote: > I'm confused. You are not alone!! ;) > Does each of your sites have its own /www & config.inc.php? Yes > If so, wouldn't separate $CONFIG['DATA_PATH'] paths take care to > separate the data & templates_c directories? Fortunately Alessandro's answer allows me to answer you. The DATA_PATH variable makes no effect on the template_c directories. if you look in lib/main.inc.php, you will find this: $this->config['INSTALL_ROOT'].'/templates_c/' Which I interpret to mean that it will look for the templates_c directory in the INSTALL_ROOT location, which is where all the other folders like lib and locale reside. Therefor, regardless of how you configure your data directory, the templates_c has to live with the other files. However, a new variable now exists that allows the templates_c directory to be defined just the like the data directory can be defined. In your config file, use $CONFIG['SMARTY_DATA'] to define the templates_c directory and the $CONFIG['DATA_PATH'] to define the data directory. At least that seems to be working for me... > > > > On Tue, Jun 19, 2012 at 2:28 PM, Alessandro Briosi > <ts...@br...> wrote: > Il 19.06.2012 19:53 Bob Miller ha scritto: > > Greetings, > > > > I have set up openupload as a multisite installation on a > server that > > uses mpm-itk. In case you are not familiar, mpm-itk is an > apache2 > > package that changes uid of the web server based on the URL > it is > > serving, so that each site can be owned by an individual > user. > > Similar > > to suexec, and others I am sure. > > > > The problem I am encountering is with making the templates_c > > directory > > writable by the web server. Since the web server has a > different uid > > depending on the site it is serving, owning the templates_c > directory > > to > > the web server denies access to the directory. > > > > This creates a situation where I need to either make the > templates_c > > directory world writable (undesirable on several levels), or > I need > > to > > add each site's uid to a group and grant that group write > access to > > templates_c (better, but administratively burdensome). Both > of these > > ideas tested as working on a sandbox server, but I am > searching for > > better options for production use. > > > > If the world was aligned to my desires, I would be able to > have a > > separate templates_c directory for each site on the server > that I > > could > > keep with each site's data and www directory. So far no > amount of > > experimenting or googling has led me to a method where this > can be > > accomplished, and I am not so good with code that I have > been able to > > decipher where or how I might implement that. > > > > So the questions would be: is it possible to have a separate > > templates_c > > directory for each site? If there is any documentation, I > haven't > > found > > it, a pointer would be kindly appreciated. And, assuming I > cannot > > have > > a separate templates_c directory for each site, can anyone > suggest a > > cleaner way to allow all sites write access to the > templates_c > > directory? > > > > > Yes it's possible and it's even already available (not > documented > though). > Use the $CONFIG['SMARTY_DATA'] variable. > > For more information look at the lib/base.inc.php > > Alessandro > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security > and > threat landscape has changed and how IT managers can respond. > Discussions > will include endpoint security, mobile security and the latest > in malware > threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ Openupload-devel mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/openupload-devel -- Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca bo...@co... Network, Internet, Server, and Open Source Solutions |
|
From: gmartin <gm...@gm...> - 2012-06-20 17:26:59
|
I have an SVN version running and have set the DATA_PATH set to a locaation outside of www. under that location are the templates_c and files directories. In other words, if I had two sites installed and defined two DATA_PATHs it appears that would separate the templates_c directories. \\Greg On Tue, Jun 19, 2012 at 4:40 PM, Bob Miller <bo...@co...> wrote: > Hi Greg, > > On Tue, 2012-06-19 at 15:15 -0400, gmartin wrote: > > I'm confused. > > You are not alone!! ;) > > > Does each of your sites have its own /www & config.inc.php? > > Yes > > > If so, wouldn't separate $CONFIG['DATA_PATH'] paths take care to > > separate the data & templates_c directories? > > > Fortunately Alessandro's answer allows me to answer you. > > The DATA_PATH variable makes no effect on the template_c directories. > if you look in lib/main.inc.php, you will find this: > > $this->config['INSTALL_ROOT'].'/templates_c/' > > Which I interpret to mean that it will look for the templates_c > directory in the INSTALL_ROOT location, which is where all the other > folders like lib and locale reside. Therefor, regardless of how you > configure your data directory, the templates_c has to live with the > other files. > > However, a new variable now exists that allows the templates_c directory > to be defined just the like the data directory can be defined. In your > config file, use $CONFIG['SMARTY_DATA'] to define the templates_c > directory and the $CONFIG['DATA_PATH'] to define the data directory. At > least that seems to be working for me... > > > > > > > > > On Tue, Jun 19, 2012 at 2:28 PM, Alessandro Briosi > > <ts...@br...> wrote: > > Il 19.06.2012 19:53 Bob Miller ha scritto: > > > Greetings, > > > > > > I have set up openupload as a multisite installation on a > > server that > > > uses mpm-itk. In case you are not familiar, mpm-itk is an > > apache2 > > > package that changes uid of the web server based on the URL > > it is > > > serving, so that each site can be owned by an individual > > user. > > > Similar > > > to suexec, and others I am sure. > > > > > > The problem I am encountering is with making the templates_c > > > directory > > > writable by the web server. Since the web server has a > > different uid > > > depending on the site it is serving, owning the templates_c > > directory > > > to > > > the web server denies access to the directory. > > > > > > This creates a situation where I need to either make the > > templates_c > > > directory world writable (undesirable on several levels), or > > I need > > > to > > > add each site's uid to a group and grant that group write > > access to > > > templates_c (better, but administratively burdensome). Both > > of these > > > ideas tested as working on a sandbox server, but I am > > searching for > > > better options for production use. > > > > > > If the world was aligned to my desires, I would be able to > > have a > > > separate templates_c directory for each site on the server > > that I > > > could > > > keep with each site's data and www directory. So far no > > amount of > > > experimenting or googling has led me to a method where this > > can be > > > accomplished, and I am not so good with code that I have > > been able to > > > decipher where or how I might implement that. > > > > > > So the questions would be: is it possible to have a separate > > > templates_c > > > directory for each site? If there is any documentation, I > > haven't > > > found > > > it, a pointer would be kindly appreciated. And, assuming I > > cannot > > > have > > > a separate templates_c directory for each site, can anyone > > suggest a > > > cleaner way to allow all sites write access to the > > templates_c > > > directory? > > > > > > > > > Yes it's possible and it's even already available (not > > documented > > though). > > Use the $CONFIG['SMARTY_DATA'] variable. > > > > For more information look at the lib/base.inc.php > > > > Alessandro > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security > > and > > threat landscape has changed and how IT managers can respond. > > Discussions > > will include endpoint security, mobile security and the latest > > in malware > > threats. > > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > Openupload-devel mailing list > > Ope...@li... > > https://lists.sourceforge.net/lists/listinfo/openupload-devel > > > > > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security and > > threat landscape has changed and how IT managers can respond. Discussions > > will include endpoint security, mobile security and the latest in malware > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ Openupload-devel mailing > list Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel > > -- > Bob Miller > 867-334-7117 / 867-633-3760 > http://computerisms.ca > bo...@co... > Network, Internet, Server, > and Open Source Solutions > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel > |
|
From: Bob M. <bo...@co...> - 2012-06-20 18:27:17
|
Hi Greg, What you describe didn't work for me. Once I removed the templates_c folder from the INSTALL_ROOT, everything broke. As I understand things, you have would have to have two unique DATA_PATHs and two unique INSTALL_ROOTs configured to get the situation you describe. As I have it now, I have one INSTALL_ROOT that is configured the same for every site, and a DATA_PATH and a SMARTY_DATA that is unique for every site. Hope that helps... On Wed, 2012-06-20 at 13:26 -0400, gmartin wrote: > I have an SVN version running and have set the DATA_PATH set to a > locaation outside of www. under that location are the templates_c and > files directories. In other words, if I had two sites installed and > defined two DATA_PATHs it appears that would separate the templates_c > directories. > > > \\Greg > > > > On Tue, Jun 19, 2012 at 4:40 PM, Bob Miller <bo...@co...> > wrote: > Hi Greg, > > On Tue, 2012-06-19 at 15:15 -0400, gmartin wrote: > > I'm confused. > > You are not alone!! ;) > > > Does each of your sites have its own /www & > config.inc.php? > > > Yes > > > If so, wouldn't separate $CONFIG['DATA_PATH'] paths take > care to > > separate the data & templates_c directories? > > > > Fortunately Alessandro's answer allows me to answer you. > > The DATA_PATH variable makes no effect on the template_c > directories. > if you look in lib/main.inc.php, you will find this: > > $this->config['INSTALL_ROOT'].'/templates_c/' > > Which I interpret to mean that it will look for the > templates_c > directory in the INSTALL_ROOT location, which is where all the > other > folders like lib and locale reside. Therefor, regardless of > how you > configure your data directory, the templates_c has to live > with the > other files. > > However, a new variable now exists that allows the templates_c > directory > to be defined just the like the data directory can be > defined. In your > config file, use $CONFIG['SMARTY_DATA'] to define the > templates_c > directory and the $CONFIG['DATA_PATH'] to define the data > directory. At > least that seems to be working for me... > > > > > > > > > On Tue, Jun 19, 2012 at 2:28 PM, Alessandro Briosi > > <ts...@br...> wrote: > > Il 19.06.2012 19:53 Bob Miller ha scritto: > > > Greetings, > > > > > > I have set up openupload as a multisite > installation on a > > server that > > > uses mpm-itk. In case you are not familiar, > mpm-itk is an > > apache2 > > > package that changes uid of the web server based > on the URL > > it is > > > serving, so that each site can be owned by an > individual > > user. > > > Similar > > > to suexec, and others I am sure. > > > > > > The problem I am encountering is with making the > templates_c > > > directory > > > writable by the web server. Since the web server > has a > > different uid > > > depending on the site it is serving, owning the > templates_c > > directory > > > to > > > the web server denies access to the directory. > > > > > > This creates a situation where I need to either > make the > > templates_c > > > directory world writable (undesirable on several > levels), or > > I need > > > to > > > add each site's uid to a group and grant that > group write > > access to > > > templates_c (better, but administratively > burdensome). Both > > of these > > > ideas tested as working on a sandbox server, but I > am > > searching for > > > better options for production use. > > > > > > If the world was aligned to my desires, I would be > able to > > have a > > > separate templates_c directory for each site on > the server > > that I > > > could > > > keep with each site's data and www directory. So > far no > > amount of > > > experimenting or googling has led me to a method > where this > > can be > > > accomplished, and I am not so good with code that > I have > > been able to > > > decipher where or how I might implement that. > > > > > > So the questions would be: is it possible to have > a separate > > > templates_c > > > directory for each site? If there is any > documentation, I > > haven't > > > found > > > it, a pointer would be kindly appreciated. And, > assuming I > > cannot > > > have > > > a separate templates_c directory for each site, > can anyone > > suggest a > > > cleaner way to allow all sites write access to the > > templates_c > > > directory? > > > > > > > > > Yes it's possible and it's even already available > (not > > documented > > though). > > Use the $CONFIG['SMARTY_DATA'] variable. > > > > For more information look at the lib/base.inc.php > > > > Alessandro > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's > security > > and > > threat landscape has changed and how IT managers can > respond. > > Discussions > > will include endpoint security, mobile security and > the latest > > in malware > > threats. > > > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > Openupload-devel mailing list > > Ope...@li... > > > https://lists.sourceforge.net/lists/listinfo/openupload-devel > > > > > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's > security and > > threat landscape has changed and how IT managers can > respond. Discussions > > will include endpoint security, mobile security and the > latest in malware > > threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel > > > -- > Bob Miller > 867-334-7117 / 867-633-3760 > http://computerisms.ca > bo...@co... > Network, Internet, Server, > and Open Source Solutions > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security > and > threat landscape has changed and how IT managers can respond. > Discussions > will include endpoint security, mobile security and the latest > in malware > threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ Openupload-devel mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/openupload-devel -- Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca bo...@co... Network, Internet, Server, and Open Source Solutions |
|
From: Alessandro B. <ts...@br...> - 2012-06-21 21:19:19
|
Il 20.06.2012 20:27 Bob Miller ha scritto: > Hi Greg, > > What you describe didn't work for me. Once I removed the templates_c > folder from the INSTALL_ROOT, everything broke. As I understand > things, > you have would have to have two unique DATA_PATHs and two unique > INSTALL_ROOTs configured to get the situation you describe. > > As I have it now, I have one INSTALL_ROOT that is configured the same > for every site, and a DATA_PATH and a SMARTY_DATA that is unique for > every site. > > Hope that helps... > Well, you are both correct :) In v. 0.4.x the templates_c is under the INSTALL_ROOT while in SVN version (alpha 0.5 ? ) the templates_c is under the DATA_PATH which I think it should belong. Of course you are free to modify the behaviour. Alessandro |
|
From: gmartin <gm...@gm...> - 2012-06-21 21:30:15
|
Thanks. I'd guessed it had changed. On Thursday, June 21, 2012, Alessandro Briosi wrote: > Il 20.06.2012 20:27 Bob Miller ha scritto: > > Hi Greg, > > > > What you describe didn't work for me. Once I removed the templates_c > > folder from the INSTALL_ROOT, everything broke. As I understand > > things, > > you have would have to have two unique DATA_PATHs and two unique > > INSTALL_ROOTs configured to get the situation you describe. > > > > As I have it now, I have one INSTALL_ROOT that is configured the same > > for every site, and a DATA_PATH and a SMARTY_DATA that is unique for > > every site. > > > > Hope that helps... > > > > Well, you are both correct :) > > In v. 0.4.x the templates_c is under the INSTALL_ROOT > while in SVN version (alpha 0.5 ? ) the templates_c is under the > DATA_PATH which I think it should belong. > > Of course you are free to modify the behaviour. > > Alessandro > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... <javascript:;> > https://lists.sourceforge.net/lists/listinfo/openupload-devel > -- \\Greg |
Thanks for helping keep SourceForge clean.
X