[rt-devel] observations about the 1.3 install script
Tobias Brox
tobiasb at tobiasb.funcom.com
Mon May 29 06:05:22 EDT 2000
> In 1.90.2.75 from CVS:
>
> The `dirs' target doesn't create the WEBRT_DATA_PATH directory, so
> fixperms fails.
Thanks, it should be OK now (I hope :)
> Also, I don't think these lines are really right:
>
> chown -R $(RTUSER) $(RT_PATH)
> chgrp -R $(RTGROUP) $(RT_PATH)
Hm. Better suggestions? Do we really need them? Maybe we should do a
check on whether the dirs exists first?
I've made a "if not exist" test around this, but it's not tested yet and
I'm not sure if it works. Can somebody please look over it? :)
> Firstly, they break badly if RT_PATH is /usr/local.
Ouch.
> Or is that not supposed to happen.
I think it should be possible to use /usr/local or another similar
shared root, yes...
> Secondly, if RT is going to run as user rt.rt then it's probably more
> secure *not* to have that user own those scripts and configuration files,
> if that's possible. Rather the webmaster or root should own them. Would
> this fit into the design of RT?
For RT2 it really shouldn't matter. The only thing that matters is that
it should be able to read the DB password ... I think it's stored in
config.pm as for now. That means config.pm must be readable only for the
RT scripts. I think Jesse has some thoughts about this, anyway?
> Also, could the rtmux.pl script perhaps
> be setgid rather than setuid?
I guess that's the plan.
--
"The trouble with the world is that the stupid are
cocksure and the intelligent are full of doubt."
- Bertrand Russell
More information about the Rt-devel
mailing list