Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 112114

Summary: webapp-config's defaut installation of php programs is not compatible with safe mode
Product: Gentoo Linux Reporter: Maurice Volaski <mvolaski>
Component: Current packagesAssignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Maurice Volaski 2005-11-10 13:58:34 UTC 
Safe mode in php requires that the file permissions of the running script match
those of file or directory being acted upon.

For the program PostNuke, which is installed by webapp-config, certain
directories must be writable by the apache process. The simplest way to
accomplish this is to have them owned by apache. However, safe_mode requires the
script acting on them have the same UID, which means they must be owned by
apache, too. By default, webapp-config installs files with root ownership.

As it stands now, webapp-config cannot install PostNuke to a workable state if
safe_mode is turned on.

The simplest way to solve this, I think, is to make the default owner for files
in the webapp-config file to match the user for the webserver.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2005-11-10 14:00:24 UTC 
postnuke is not in portage at all.
Comment 2 Maurice Volaski 2005-11-10 14:41:56 UTC 
1) That PostNuke isn't portage does not preclude the fact that webapp-config is
not compatible with php safe_mode.

2) There is an ebuild for it PostNuke anyway,
http://bugs.gentoo.org/show_bug.cgi?id=38484
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2005-11-10 15:07:29 UTC 
I'm using many webapps from portage with php in safe mode and have exactly zero
problems with that. Have a look at webapp eclass and fix your postnuke ebuild so
that it uses webapp_serverowned() etc. where necessary.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2005-11-10 15:22:29 UTC 
Other relevant info:

- http://dev.gentoo.org/~chriswhite/webapp_eclass.html
- /etc/vhosts/webapp-config (VHOST_DEFAULT_UID, VHOST_DEFAULT_GID)
Comment 5 Maurice Volaski 2005-11-10 16:35:16 UTC 
OK, it looks like the ebuild is broken. I commented on that here,
http://bugs.gentoo.org/show_bug.cgi?id=38484