[Tracker-discuss] file permissions on psf:~roundup/trackers/tracker/*

[Roché Compaan]

On Thu, 2006-11-23 at 08:15 -0800, Paul Dubois wrote:
> I don't know how you have the mail set up but if you use the 'alias'
> method then the mail user has to be in roundup user's group.

The mail is delivered as the roundup user, but if the files are owned by
www-data and not group writable it doesn't help.

The problem does not lie with mail delivery, since Postfix switches to
the roundup user and delivers the mail as the roundup user. Apache
however cannot run CGIs as another user. Having different users create
directories without them being group writable is the problem.

Directories are created allowing only the user to write to them by
default. To change this you have to modify the system umask which is not
an option security wise.

One might say that this is a Roundup software problem, but it is really
a problem with Apache - it's can't run a CGI under a different user. 

The permission problems you see will be a problem on all distros that
don't have a umask set to 0002 (and I don't think there is one).

-- 
Roché Compaan
Upfront Systems                   http://www.upfrontsystems.co.za