[Cubicweb] CubicWeb: 'system' instance on a server
Christophe de Vienne
christophe at unlish.com
Fri May 23 17:29:36 CEST 2014
Le 23/05/2014 17:22, Dimitri Papadopoulos Orfanos a écrit :
> Hi Christophe,
> There are a few caveats:
> * When rotating logs, the new logs belong to root:adm or something like
> that by default. It should be possible to tell rotate to create the new
> logs as cubicweb:cubicweb for example, like /var/log/postgresql belongs
> to posgres for example. But then you have no choice, you cannot start
> CubicWeb as 'aims' or whatever alternate account you need, just 'cubicweb'.
It is easy to configure logrotate differently for each instance.
> * You will have to write your own startup script in /etc/init or
> /etc/init.d, unless again instances are always started as 'cubicweb'.
> In short, I believe it should already be possible to start all CubicWeb
> instances as 'cubicweb'. But then you loose the flexibility of starting
> them from alternate accounts - such as 'aims' in our case - using the
> 'uid' attribute in all-in-one.conf. Unless I am mistaken, there is a
> trade-off here - and this trade-off looks like a general Linux issue.
I forgot about the 'uid' parameter. Isn't it honored by the default init
script ? Because it sounds like the solution for you (setting uid="aims").
> Le 23/05/2014 17:09, Christophe de Vienne a écrit :
>> I cannot answer directly to your question, but it raises an interesting
>> point :
>> We should be able to run "system" instances as non-root. I could do this
>> successfully after changing rights on a few files (the log directory for
>> example), so I guess it would not be difficult to add as a native feature.
>> Has anything been done about this ?
More information about the Cubicweb