i'm running passenger on the default apache user www-data, i didn't change nothing from the default apache/passenger installations.
i tried a little test.... i chown'ed the *detla* files to web:web, just like the *core* files and checked that it really happened. then, i ran "rake RAILS_ENV=production ts:index --rotate" and listed the files again. owner was again root. On May 23, 4:37 pm, Pat Allan <[email protected]> wrote: > Are your mongrels running as root? Or passenger? This is the process > that will invoke delta indexing, and thus overwrite the existing files > to new ones with root access only. > > -- > Pat > > On 23/05/2009, at 1:34 PM, Elad Meidar wrote: > > > > > Well, i moved everything to web > > (ts:stop, ts:index, :ts:start after clearing all the db/sphinx folder) > > > but still all the delta files are created under the root ownership, i > > really don't know why.. i am sure that only the web user is doing any > > kind of thinking_sphinx related actions. > > when i manually chown the files to be under the "web" user, deltas > > appear on search and everything is awesome. > > > this is my crontab for the web user... any idea how or who is changing > > those files ownerships? > > > */2 * * * * cd /var/www/statussearch2/current/ && rake > > RAILS_ENV=production ts:index --rotate > > * */5 * * * cd /var/www/statussearch2/current/ && rake > > RAILS_ENV=production ts:index > > > On May 23, 10:20 am, Elad Meidar <[email protected]> wrote: > >> well, the rake tasks are run by the deploying user, which is 'web' > > >> but i think that there are some cron tasks (--rotate for example) > >> that > >> are run by 'root' > > >> i'll move everything to 'web' and i'll see where it's heading. > > >> Thnx. > > >> On May 23, 2:19 am, James Healy <[email protected]> wrote: > > >>> Pat Allan wrote: > >>>> You need the web server and the rake tasks to be run by the same > >>>> user > >>>> - either both by root, or some other user of your choice. This > >>>> should > >>>> avoid any permissions issues. > > >>>> The *easiest* way is probably to run the rake tasks with sudo - not > >>>> convinced that's the *best* way though. Others may know better :) > > >>> As a general rule you really don't want to run internet accessible > >>> daemons as root. > > >>> I personally use the Debian convention of www-data user and group > >>> for my > >>> webserver, mongrels and cron triggered rake tasks. It doesn't > >>> matter too > >>> much which user you use, just pick or create one with reduced > >>> privileges. You want to minimise the impact of a malicious user > >>> finding > >>> an exploitable bug in the prcess. > > >>> -- James Healy <jimmy-at-deefa-dot-com> Sat, 23 May 2009 16:14:36 > >>> +1000 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Thinking Sphinx" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/thinking-sphinx?hl=en -~----------~----~----~----~------~----~------~--~---
