On Wed, Sep 29, 2010 at 2:05 PM, Noah Slater <[email protected]> wrote:
>
> On 28 Sep 2010, at 18:28, Benoit Chesneau wrote:
>
>> On Tue, Sep 28, 2010 at 6:49 PM, Noah Slater <[email protected]> wrote:
>>>
>>> On 28 Sep 2010, at 08:10, Benoit Chesneau wrote:
>>>
>>>> About /var/run vs /var/lib, that just sometimes you gave different
>>>> privileges on this folders, giving the possibility to read one or not.
>>>> This is not only a question of giving a "state". I'm actually thinking
>>>> that we may want to have this info in /tmp path where we save
>>>> generally such info. Dbus does this, mysql does this for the socket
>>>> (by default) ... /tmp is available for everyone. While /var/run is
>>>> working for root apps, it doesn't for apps launched per users.
>>>
>>> When you install CouchDB, you should configure the /var/run/couchdb
>>> directory to be world readable and group/user writable. This keeps it
>>> secure, while allowing process to read from it. I believe this is
>>> documented in the README. I don't think the location of world writable
>>> sockets is related.
>>
>> You expect here there will be one couchdb. But you could have a
>> couchdb per user. Then you need to distinct each users. You could of
>> course put all these users in /var/run, but this isn't something
>> possible on all systems. You don't want /var/run world readable for
>> some obvious security reason.
>
> Each CouchDB instance should be configured to use a separate directory:
>
> /srv/username1/var/run/couchdb
> /srv/username2/var/run/couchdb
> /srv/username3/var/run/couchdb
>

/srv is a Linux thing. Please don't assume every system uses the same rules.

- benoît
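
Added example, not part of the thread and not CouchDB's own code: a shell check that a per-instance run directory has the permissions described in the quoted advice (user/group writable, world readable, not world writable). It parses `ls -ld` instead of calling GNU `stat`, so it does not assume a Linux system; `mode_string` and `check_run_dir` are hypothetical helper names, and the directories to audit are passed as arguments.

```shell
#!/bin/sh
# Added example (not CouchDB's own code). mode_string and check_run_dir are
# hypothetical helper names.

# Print the 10-character mode string (e.g. drwxrwxr-x) using only POSIX ls,
# so the check works where GNU stat is unavailable. Prints nothing if the
# path does not exist.
mode_string() {
    ls -ld -- "$1" 2>/dev/null | awk 'NR == 1 { print substr($1, 1, 10) }'
}

# Return 0 if the directory matches the policy from the thread, 1 if a
# permission bit is wrong, 2 if the path is missing or not a real directory
# (a symlink counts as "not a real directory").
check_run_dir() {
    _dir=$1
    _m=$(mode_string "$_dir")
    [ -n "$_m" ] || { echo "MISSING $_dir"; return 2; }
    case $_m in
        d*) ;;
        *) echo "NOTDIR  $_dir ($_m)"; return 2 ;;
    esac
    _rc=0
    # Character 3 = owner write, 6 = group write, 8 = other read, 9 = other write.
    case $_m in ??w*) ;; *) echo "FAIL    $_dir: not owner-writable ($_m)"; _rc=1 ;; esac
    case $_m in ?????w*) ;; *) echo "FAIL    $_dir: not group-writable ($_m)"; _rc=1 ;; esac
    case $_m in ???????r*) ;; *) echo "FAIL    $_dir: not world-readable ($_m)"; _rc=1 ;; esac
    case $_m in ????????w*) echo "FAIL    $_dir: world-writable ($_m)"; _rc=1 ;; esac
    [ "$_rc" -eq 0 ] && echo "OK      $_dir ($_m)"
    return "$_rc"
}

# Audit every directory named on the command line, one per CouchDB instance.
for d in "$@"; do
    check_run_dir "$d" || true
done
```
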
