Hi Stephan, On Wed, Jul 29, 2015 at 5:28 PM, Paul Pereira <[email protected]> wrote:
> It's not common practice (for me, at least) to put the repo file in a path > reachable by www clients. On my hoster all of my CGI-hosted repos live in > some dir under my home dir, writable by my account, the CGI scripts all > point to those, and sqlite writes its temp files there (unless i'm sorely > mistaken and it's using /tmp). It sounds to me like the message is just a > bit vague/generic. The path /var/www is the chroot folder. It is not publicly visible by www clients. The default document root is /var/www/htdocs. The fossil is in /var/www/fossil/... because it must be accessible by the CGI script in /var/www/cgi-bin. As far as the script is concerned, the path to the fossil is at /fossil/... The CGI script cannot see my home directory or anything outside of /var/www due to the chroot (change root). The Fossil program is located at /var/www/usr/local/bin/fossil, and the required libraries are also under /var/www . Based on the current documentation, I thought that Fossil would create its temporary files in the directory of the repository, but that was not the case. It attempted to create its temporary files in the directory of the script, /var/www/cgi-bin, since I had not provided a /tmp folder. I believe this is due to sqlite3's default behaviour, which would normally make sense were it not for the fact that the database is being accessed indirectly through the CGI script in the cgi-bin directory. I am only pointing this out because the error message suggested that Fossil requires permissions that would make its use insecure. It stated it could not create files in the CGI script's own directory, which is cgi-bin. >> The current permissions requirements state: ... > Can you suggest specific improvements to that (IIRC those instructions were > written over 5 years ago)? I would add - Fossil must be able to create temporary files, the default directory for which depends on the OS. When the CGI process is operating within a chroot, ensure that this directory exists and is readable/writeable by the user who executes the Fossil binary. Regards, Paul Pereira
_______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
