[Cubicweb] CubicWeb: 'system' instance on a server

Dimitri Papadopoulos Orfanos dimitri.papadopoulos at cea.fr
Mon May 26 11:26:21 CEST 2014


Hi Julien,

Would it make sense to open a ticket and suggest as a future improvement
that these files are made readable by default by a different user/group?
Note that because the 'uid' attribute is set in 'all-in-one.conf' (after
creating files 'sources' and 'all-in-one.conf') this could be enforced
for example when first running 'cubicweb-ctl' after modifying
'all-in-one.conf'.

Alternatively the deployment documentation could be expanded to cover
such subjects: files used by an instance, suggested owner or access
rights, etc.

Access to 'sources' is limited because it contains sensitive information
such as passwords:

  $ ls -l /etc/cubicweb.d/$instance/
  total 20
  -rw-r--r-- 1 root root 7851 avril  2 08:43 all-in-one.conf
  -rw-r--r-- 1 root root  210 avril  2 08:42 bootstrap_cubes
  drwxr-xr-x 5 root root 4096 avril  4 12:13 i18n
  -rw------- 1 root root  591 avril  2 08:42 sources
  $

On 26/05/2014 10:20, Julien Cristau wrote:
> It should be fine to run them as a dedicated unprivileged user.  Just
> make sure that user can read /etc/cubicweb.d/$instance/sources and
> all-in-one.conf.
> 
> Cheers,
> Julien

Best,
-- 
Dimitri Papadopoulos
CEA/Saclay
I2BM, NeuroSpin
F-91191 Gif-sur-Yvette cedex, France
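
The check suggested in the message above, as an added example that is not part of the original message or of CubicWeb's own code: it reads the 'uid' value from 'all-in-one.conf' and reports whether that user can read 'sources' and 'all-in-one.conf', and whether 'sources' is exposed to other users. The `uid=<name>` line format and the function names `configured_uid`, `can_read` and `audit_instance` are assumptions made for illustration.

```python
import os
import re
import stat

# Assumption: all-in-one.conf sets the run-as user on a line "uid=<name>".
UID_LINE = re.compile(r"^[ \t]*uid[ \t]*=[ \t]*(\S+)[ \t]*$", re.MULTILINE)
SENSITIVE = {"sources"}  # holds passwords, per the message above


def configured_uid(conf_text):
    """Return the user name on the 'uid' line, or None if unset/commented."""
    match = UID_LINE.search(conf_text)
    return match.group(1) if match else None


def can_read(st, uid, gids):
    """POSIX read check from stat bits: owner class, then group, then other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def audit_instance(directory, uid, gids):
    """Return findings for the two files the instance user must read."""
    findings = []
    for name in ("sources", "all-in-one.conf"):
        st = os.stat(os.path.join(directory, name))
        if not can_read(st, uid, gids):
            findings.append(f"{name}: not readable by uid {uid}")
        if name in SENSITIVE and st.st_mode & stat.S_IRWXO:
            findings.append(f"{name}: accessible to other users")
    return findings


if __name__ == "__main__":
    import pwd
    import sys
    instance_dir = sys.argv[1]  # the instance's directory under /etc/cubicweb.d
    with open(os.path.join(instance_dir, "all-in-one.conf")) as fh:
        user = configured_uid(fh.read())
    if user is None:
        sys.exit("no uid set in all-in-one.conf")
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for finding in audit_instance(instance_dir, pw.pw_uid, gids):
        print(finding)
```

The check works from the mode bits only, so it does not account for POSIX ACLs or for root's ability to read any file.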


