[Cubicweb] CubicWeb: 'system' instance on a server

Julien Cristau julien.cristau at logilab.fr
Mon May 26 11:36:05 CEST 2014


On Mon, May 26, 2014 at 11:26:21 +0200, Dimitri Papadopoulos Orfanos wrote:

> Hi Julien,
> 
> Would it make sense to open a ticket and suggest as a future improvement
> that these files are made readable by default by a different user/group?
> Note that because the 'uid' attribute is set in 'all-in-one.conf' (after
> creating files 'sources' and 'all-in-one.conf') this could be enforced
> for example when first running 'cubicweb-ctl' after modifying
> 'all-in-one.conf'.
> 
> Alternatively the deployment documentation could be expanded to cover
> such subjects: files used by an instance, suggested owner or access
> rights, etc.
> 
That really is site specific, there's no one-size-fits-all answer here
I'm afraid.

> Access to 'sources' is limited because it contains sensitive information
> such as passwords:
> 
Well yes, but if you need it accessible by non-root, it can still be
made readable by a group.

Cheers,
Julien
-- 
Julien Cristau          <julien.cristau at logilab.fr>
Logilab		        http://www.logilab.fr/
Informatique scientifique & gestion de connaissances



More information about the Cubicweb mailing list