Hello Tibor, > On Thu, 09 Jul 2009, Theodoropoulos Theodoros wrote: >> I uploaded several files (with bibupload, using FFT syntax) and I >> realized that the actual files/directories were created with root:root >> permissions (probably because it was root user that run bibupload). This >> is OK in general, but later web-submitted actions with SRV/bibdocfile >> for that record's docfile produce errors (permission denied). > > Yes; the dirs had better be owned by (or made writable by) Apache. In > the git/master version of CDS Invenio, we have improved user checking so > as to strictly enforce that bibsched tasks (including bibupload) would > run under the same user identity as the Apache application. (See also > CFG_BIBSCHED_PROCESS_USER.) > > Maybe we could go one step further and, as part of the installation > process, instruct how to create a new user called `invenio' and to run > the whole shebang under its identity...
That's what I have been doing since I started with Invenio a while ago [1] following a suggestion your suggestion [2]. Otherwise the whole issue of files and dirs ownership became a mess. And now, while (still) working on two different instances of Invenio in a single server, this solution has been more clear. Today we are working on how to make two instances of Apache running as two different users while still keeping as much as Debian original configuration as possible. If you are thinking about this `invenio' user, please don't make it hardcoded, because in my case I prefer having the specific name of each of my instances. Thanks, Ferran [1] http://cdsware.cern.ch/lists/project-cdsware-users/archive/msg00355.shtml [2] http://cdsware.cern.ch/lists/project-cdsware-users/archive/msg00109.shtml
