[tech] Website on mantis

David Adam zanchey at ucc.gu.uwa.edu.au
Tue Aug 20 13:35:10 WST 2013


I have fixed a couple of things with the website on mantis. This may make 
little or no sense.

1. suexec - as those who have tried to make it work are aware, we compile 
our own version of suexec so that we can run Wheel members files (gid=0). 
Arguably gid=0 for wheel members is a bit stupid but that is a different 
discussion for a different time. The "real" suexec from the Debian package 
is diverted with dpkg-divert, and our recompiled one (which is in source 
at /usr/src/apache-2.2.22 or so) placed in /usr/lib/apache2/suexec . This 
is noted in /usr/lib/apache2/README.suexec-broken-by-upgrade and 
/home/wheel/docs/ApacheUserCGISuexecHack . Various people had tried to 
make it work but it still wasn't 100% - in this case the new binary wasn't 
setuid, which it must be. Seems to be ok now.

2. ucc-parser oh man, the content management system. again another 
argument for another time, but the parser in 
/services/http/cgi-bin/ucc-parser requires xsltproc and xmllint to be 
installed on the machine. [SJY] fixed this, thanks. Note that ucc-parser 
generates .html from .ucc and caches the result, which means we didn't 
notice stuff was broken until someone made an update. Also we use a 
non-standard GID for www-data (it comes from LDAP, but conflicts with the 
default Debian install), so I changed the entry in /etc/passwd to be gid 
101 and also moved the /etc/group entry to wwwold-data (matching mussel). 
There's a group entry in /etc/group for www-data to have the right GID, 
otherwise the web server won't start if LDAP is down. Membership of that 
group is almost certainly ignored in every other case in preference to 
LDAP though.

Cheers,

David Adam
zanchey at ucc.gu.uwa.edu.au
Ask Me About Our SLA!


More information about the tech mailing list