[Cubicweb] CubicWeb: 'system' instance on a server

Christophe de Vienne christophe at unlish.com
Fri May 23 17:09:07 CEST 2014


I cannot answer directly to your question, but it raises an interesting
point :

We should be able to run "system" instances as non-root. I could do this
successfully after changing rights on a few files (the log directory for
example), so I guess it would not be difficult to add as a native feature.

Has anything been done about this ?



Le 23/05/2014 16:56, Dimitri Papadopoulos Orfanos a écrit :
> Dear all,
> I had already written to this list about the way CubicWeb instances are
> started on a server.
> On an Ubuntu server, a "system" instance needs access to several resources:
> * /etc/cubicweb.d: must be accessed as 'root',
> * PostgreSQL: accessed both as 'root' and as 'cubicweb' or whatever
> 'uid' is declared in all-in-one.conf - 'aims' in our case.
> The good side of "system" instances is that they are automatically
> started at boot time, that logs live in /var/log and are rotated as
> expected, etc.
> There is a bad side to "system" instances - but maybe you can help us
> work around it. We would like our Python scripts to run as 'aims' while
> at the same time opening a session in the CubicWeb instance. This
> doesn't work, the CubicWeb code called by the script complains that
> /etc/cubicweb.d cannot be accessed. We would like to avoid scripts
> running as 'root' on a server. Can you think of a clean way (not a hack)
> to start our scripts not as 'root' but as 'aims'? Alternatively, do you
> have an example of how to switch to 'aims' after having started the
> script as 'root'?
> Best,

More information about the Cubicweb mailing list