Permissions on RT Config files

Hi,

I’ve managed to get RT running (Linux, Apache 2, Fastcgi, Perl 5.8, MySQL)
but had problems with the config files not being able to be read. Following
install, they had no world permissions (owned by root, rt group).

The ‘-f’ test in RT.pm was finding the file, however the ‘require’ was
failing. Setting world read permissions fixed things.

     if ( -f "$SITE_CONFIG_FILE" ) {
             require "$SITE_CONFIG_FILE"

Can anyone offer an explanation? Apache is running as nobody/nobody.

Thanks,

Dave

The ‘-f’ test in RT.pm was finding the file, however the ‘require’ was
failing. Setting world read permissions fixed things.
[snip]
Can anyone offer an explanation? Apache is running as nobody/nobody.

Did you run ./configure with the --with-web-user and --with-web-group
options? If you don’t specify those options, it defaults to the user
and group “www.” You may also want to check that all the owners and
groups are set right. Use the --help option for configure to see the
list of everything you can set.

Michael

Michael S. Liebman |“I have vision and the rest of the
|world wears bifocals.”
m-liebman@northwestern.edu |-Paul Newman as Butch Cassidy in
|“Butch Cassidy & the Sundance Kid”

At 01:09 26/09/2003, Michael S. Liebman wrote:

The ‘-f’ test in RT.pm was finding the file, however the ‘require’ was
failing. Setting world read permissions fixed things.
[snip]
Can anyone offer an explanation? Apache is running as nobody/nobody.

Did you run ./configure with the --with-web-user and --with-web-group
options?

Yes:

./configure
–prefix=/usr/local/rt3
–with-web-user=nobody
–with-web-group=nobody

You may also want to check that all the owners and
groups are set right.

What are the right settings? What should I be checking?

Thanks,

Dave

At 01:09 26/09/2003, Michael S. Liebman wrote:

The ‘-f’ test in RT.pm was finding the file, however the ‘require’
was
failing. Setting world read permissions fixed things.
[snip]
Can anyone offer an explanation? Apache is running as nobody/nobody.

Did you run ./configure with the --with-web-user and --with-web-group
options?

Yes:

./configure
–prefix=/usr/local/rt3
–with-web-user=nobody
–with-web-group=nobody

You may also want to check that all the owners and
groups are set right.

What are the right settings? What should I be checking?

You could see if a ‘make fixperms’ in the rt installation directory
helps. This checks all the files and permissions and should set them
accordingly. Basically, the Mason Component files need to be readable
by the apache process, and the log file, if configured, must be
writable.

Regards,
Harald

At 20:37 26/09/2003, Harald Wagener wrote:On Thu, Sep 25, 2003 at 09:36:16PM +1200, Dave Brooks, BCS Systems wrote:

The ‘-f’ test in RT.pm was finding the file, however the ‘require’ was
failing. Setting world read permissions fixed things.
[snip]
Can anyone offer an explanation? Apache is running as nobody/nobody.

What are the right settings? What should I be checking?

You could see if a ‘make fixperms’ in the rt installation directory helps.
This checks all the files and permissions and should set them accordingly.

This does:

chown -R root //usr/local/rt3/etc
chgrp -R rt //usr/local/rt3/etc
chmod 0550 //usr/local/rt3/etc/RT_Config.pm
chmod 0550 //usr/local/rt3/etc/RT_SiteConfig.pm

which means that RT.pm won’t be able to read the files when running as
‘nobody’. Is this intended? Shouldn’t it be set to 0555 ??

Thanks,

Dave

At 20:37 26/09/2003, Harald Wagener wrote:

The ‘-f’ test in RT.pm was finding the file, however the ‘require’ was
failing. Setting world read permissions fixed things.
[snip]
Can anyone offer an explanation? Apache is running as nobody/nobody.

What are the right settings? What should I be checking?

You could see if a ‘make fixperms’ in the rt installation directory helps.
This checks all the files and permissions and should set them accordingly.

This does:

chown -R root //usr/local/rt3/etc
chgrp -R rt //usr/local/rt3/etc
chmod 0550 //usr/local/rt3/etc/RT_Config.pm
chmod 0550 //usr/local/rt3/etc/RT_SiteConfig.pm

which means that RT.pm won’t be able to read the files when running as
‘nobody’. Is this intended? Shouldn’t it be set to 0555 ??

Generally, when apache starts up and requires the file, it’s still
running as a privileged user, iirc.

Thanks,

Dave

Request Tracker — Best Practical Solutions – Trouble Ticketing. Free.