On Wed, Jun 15, 2011 at 10:12:42AM -0400, Jeremiah Dodds wrote:

> Afaict, something along those lines will be a requirement, at least for
> development machines where people are editing code as a "normal" user, and
> serving out of the directory they're working in (and not having apache or
> whatnot setup to serve out of that directory as their user).

I would not have my main code set as www-data anyway, not dev, 
nor production.

> On a prod machine, I would guess that the console jobs would be run rarely
> if ever.

This notion puzzles me. I have never done any Symfony project that was
web frontend only. One was two frontends (REST/XML and administration)
and a set of console tasks and in another we use Gearman to help us
organize the background jobs.

Having to be able to deal with console and web living together
also in production is definitely not bikeshedding but a serious issue.

One could argue that the simple solution to this is to run console apps
as the www user and I have to admit I cannot find any good reasons not
to. Keeping the code non-writeable by the cli/http user is a no-brainer
anyway. 

I use the umask-trick for now, in dev that is. Not being thread safe does
not matter that much there and performance testing should be done on 
a staging rig anyway.

To be sure the trick with chgrp and umask works OK you should also do a

sudo chgrp www-data app/cache
sudo chmod g+s app/cache

which makes all files under that directory belong to www-data.
Then cli-created files and directories won't mess up for web use.


Thomas.

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com
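
Added example, not part of the message above or of Symfony itself: a shell audit that checks whether the chgrp + setgid + umask setup described in the message actually holds for a cache directory. The helper names check_cache_perms and make_demo_tree are hypothetical, and the demo tree uses the caller's own group as a stand-in for www-data so that no sudo is needed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a cache directory shared between
# CLI and web users via chgrp + setgid + a group-writable umask.
# check_cache_perms and make_demo_tree are hypothetical helper names.

# check_cache_perms DIR GROUP
# Prints every path that would break sharing; returns 1 if any was found.
check_cache_perms() {
    dir=$1 group=$2 rc=0
    flag() {    # flag LABEL FIND-PREDICATES...
        label=$1; shift
        hits=$(find "$dir" "$@" -print)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed "s|^|$label: |"
            rc=1
        fi
    }
    # Without setgid on a directory, new entries take the creator's primary
    # group instead of the shared one.
    flag 'dir missing setgid' -type d ! -perm -2000
    # Entries created before the chgrp/setgid setup keep their old group.
    flag 'wrong group' ! -group "$group"
    # Entries created under umask 022 cannot be rewritten by the other user.
    flag 'not group-writable' ! -type l ! -perm -020
    return "$rc"
}

# make_demo_tree: constructed sample tree; the caller's own primary group
# (numeric gid) stands in for www-data. Prints the directory path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    chgrp "$(id -g)" "$d" && chmod 2775 "$d" || return 1
    ( umask 002; mkdir "$d/dev"; : > "$d/dev/classes.php" )
    printf '%s\n' "$d"
}

# Usage: sh audit.sh app/cache www-data
if [ $# -eq 2 ]; then
    check_cache_perms "$1" "$2"
fi
```

A non-zero exit after a console run means the CLI user created entries outside the shared-group setup, which is the failure the setgid bit is meant to prevent.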