[tech] Website on mantis
David Adam
zanchey at ucc.gu.uwa.edu.au
Tue Aug 20 13:35:10 WST 2013
I have fixed a couple of things with the website on mantis. This may make
little or no sense.
1. suexec - as those who have tried to make it work are aware, we compile
our own version of suexec so that we can run Wheel members files (gid=0).
Arguably gid=0 for wheel members is a bit stupid but that is a different
discussion for a different time. The "real" suexec from the Debian package
is diverted with dpkg-divert, and our recompiled one (which is in source
at /usr/src/apache-2.2.22 or so) placed in /usr/lib/apache2/suexec . This
is noted in /usr/lib/apache2/README.suexec-broken-by-upgrade and
/home/wheel/docs/ApacheUserCGISuexecHack . Various people had tried to
make it work but it still wasn't 100% - in this case the new binary wasn't
setuid, which it must be. Seems to be ok now.
2. ucc-parser oh man, the content management system. again another
argument for another time, but the parser in
/services/http/cgi-bin/ucc-parser requires xsltproc and xmllint to be
installed on the machine. [SJY] fixed this, thanks. Note that ucc-parser
generates .html from .ucc and caches the result, which means we didn't
notice stuff was broken until someone made an update. Also we use a
non-standard GID for www-data (it comes from LDAP, but conflicts with the
default Debian install), so I changed the entry in /etc/passwd to be gid
101 and also moved the /etc/group entry to wwwold-data (matching mussel).
There's a group entry in /etc/group for www-data to have the right GID,
otherwise the web server won't start if LDAP is down. Membership of that
group is almost certainly ignored in every other case in preference to
LDAP though.
Cheers,
David Adam
zanchey at ucc.gu.uwa.edu.au
Ask Me About Our SLA!
More information about the tech
mailing list