Been loving Cherokee so far, but there is one gripe (bug?) I have about how it spawns processes for information sources: Execute as User only works when the server is running as root. This is technically correct, but gives me a sadface for usability and security.
The default configuration for the PPA builds (don't know if this is overall default) is to run the server/workers as www-data. Poking through the process list shows that cherokee runs as root, and cherokee-worker children run as www-data. This is fine. What I don't like is that the interpreters (php-cgi in this case) are spawned as www-data, even though I have specified another user to execute as. Here's a snippet of my process tree right now if that doesn't make sense: http://pastebin.com/f7edfb418 Apache has a similar process structure: the main apache2 process runs as root, while workers run as www-data. However, it is able to spawn interpreters/php-cgi as other users through the use of its own suexec binary. I was able to get lighttpd to cooperate in this way as well. However, I haven't been able to get Cherokee to do this without running as root or spawning the processes by myself, neither of which are great options. I've done the whole delete-the-socket-after-changing-config and restart the server dances, but they don't seem to be helping. The relevant cherokee.conf bits I have are here, though it's a fairly stock configuration save for some interpreter changes. http://pastebin.com/f9897a81 Is there any way to accomplish this? I would love to put Cherokee on my main server, though this is the one feature that is preventing me from doing so. Even if this is 100% not possible at the moment, the admin interface should at least raise an error if the server is not set to run as root to prevent confusion. Jacob Peddicord http://jacob.peddicord.net [email protected] [email protected]
_______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
