[jira] [Commented] (COUCHDB-2638) CouchDB should not be writing /etc/couchdb/local.ini

Sun, 15 Mar 2015 04:00:59 -0700 

    [ 
https://issues.apache.org/jira/browse/COUCHDB-2638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14362337#comment-14362337
 ] 

Yuri commented on COUCHDB-2638:
-------------------------------

This strikes me as an error prone configuration.
I am often in admin role too, and the usual practice is that admin does edit 
files by hand, and in many cases without stopping the process. This is because 
most other config files aren't touched by the corresponding processes. CoachDB 
is an outlier in this respect, and therefore many admins simply won't expect 
such behavior, that is why this is an error prone situation.

I will submit a patch to correct permissions for local.ini in FreeBSD as a 
workaround, but I am sure many admins will agree with me that this is a problem.

> CouchDB should not be writing /etc/couchdb/local.ini
> ----------------------------------------------------
>
>                 Key: COUCHDB-2638
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2638
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Yuri
>
> I am getting such messages in log on FreeBSD:
> > Could not write config file /usr/local/etc/couchdb/local.ini: permission 
> > denied
> The problem is that CoachDB supplies the original copy of local.ini, and it 
> is treated as a template for this configuration file. It is placed into 
> /usr/local/etc/couchdb/local.ini.sample, and its copy is placed into 
> /usr/local/etc/couchdb/local.ini. Everything under /etc is what admin 
> configures. Ideally admin can compare local.ini and local.ini.sample and see 
> if anything in default configuration was modified compared to the suggested 
> sample.
> When the executable itself modifies local.ini too, this makes it very 
> confusing. Admin will be confused if he should or shouldn't touch this file.
> My suggestion is that CouchDB should copy local.ini under /var/db/, or 
> somewhere else, and write it there. /etc isn't supposed to be writable by the 
> process.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to