[rt-devel] observations about the 1.3 install script

Tobias Brox tobiasb at tobiasb.funcom.com
Mon May 29 06:05:22 EDT 2000


> In 1.90.2.75 from CVS:
> 
> The `dirs' target doesn't create the WEBRT_DATA_PATH directory, so
> fixperms fails.

Thanks, it should be OK now (I hope :)

> Also, I don't think these lines are really right:
> 
> 	chown -R $(RTUSER) $(RT_PATH)
> 	chgrp -R $(RTGROUP) $(RT_PATH)  

Hm.  Better suggestions?  Do we really need them?  Maybe we should do a
check on whether the dirs exists first?

I've made a "if not exist" test around this, but it's not tested yet and
I'm not sure if it works.  Can somebody please look over it? :)

> Firstly, they break badly if RT_PATH is /usr/local.

Ouch.

> Or is that not supposed to happen.

I think it should be possible to use /usr/local or another similar
shared root, yes...

> Secondly, if RT is going to run as user rt.rt then it's probably more
> secure *not* to have that user own those scripts and configuration files,
> if that's possible.  Rather the webmaster or root should own them.  Would
> this fit into the design of RT?

For RT2 it really shouldn't matter.  The only thing that matters is that
it should be able to read the DB password ... I think it's stored in
config.pm as for now.  That means config.pm must be readable only for the
RT scripts.  I think Jesse has some thoughts about this, anyway?

> Also, could the rtmux.pl script perhaps
> be setgid rather than setuid?

I guess that's the plan.

-- 
"The trouble with the world is that the stupid are
 cocksure and the intelligent are full of doubt."
- Bertrand Russell







More information about the Rt-devel mailing list