Commit b40ef240 authored by Andrew Lee (李健秋), committed by Héctor Orón Martínez

Make passenger rubyapp run as obsapi user.

Passenger's default user is nobody:
 https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_default_user

So we get Passenger and the RubyApp running as nobody. However,
according to Debian's SystemGroups usage:
  https://wiki.debian.org/SystemGroups



nogroup (user: nobody): Daemons that need not own any files run as user
nobody and group nogroup. Thus, no files on a system should be owned by
this user or group.

So we should create a new user called 'obapi' and force the passenger app
to run as obs-api instead.

And config files should be readable by that obsapi user but usually not
writable.

Signed-off-by: Andrew Lee (李健秋) <ajqlee@debian.org>
Signed-off-by: Héctor Orón Martínez <hector.oron@collabora.com>
parent 9032743e
1 merge request: !13 T13997 Upgrading from OBS 2.7.1 to 2.7.4
...@@ -26,10 +26,10 @@ case "$1" in ...@@ -26,10 +26,10 @@ case "$1" in
chown -R www-data:www-data /usr/share/obs/api/public chown -R www-data:www-data /usr/share/obs/api/public
chown www-data:www-data /etc/obs/api/config/production.sphinx.conf chown www-data:www-data /etc/obs/api/config/production.sphinx.conf
chmod 664 /var/log/obs/*.log chmod 664 /var/log/obs/*.log
chown obsapi:www-data /etc/obs/api/config/database.yml chown obsapi:obsapi /etc/obs/api/config/database.yml
chmod 440 /etc/obs/api/config/database.yml chmod 440 /etc/obs/api/config/database.yml
chown obsapi:www-data /var/log/obs/backend_access.log chown obsapi:obsapi /var/log/obs/backend_access.log
chown obsapi:www-data /var/log/obs/production.log chown obsapi:obsapi /var/log/obs/production.log
# Generate Gemfile.lock file. # Generate Gemfile.lock file.
cd /usr/share/obs/api cd /usr/share/obs/api
......
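Review bot: the three `chown obsapi:obsapi` lines (database.yml, backend_access.log, production.log) depend on a group named obsapi existing, and nothing in the visible hunk creates it. Please confirm the script creates the obsapi user together with its own group before this point in the `case "$1"` branch, or the chown calls will fail on a fresh install. Two related points from the unchanged context: `/usr/share/obs/api/public` and `/etc/obs/api/config/production.sphinx.conf` stay `www-data:www-data`, so once the app runs as obsapi it can only read them through the "other" permission bits, which is worth checking against the commit message's statement that config files should be readable by obsapi. Also, `chmod 664 /var/log/obs/*.log` leaves the logs world-readable after the group change; if no other account needs them, 640 would fit the tighter ownership better.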