[ic] Re: Definite permission problems with Debian Install

Stefan Hornburg Racke interchange-users@interchange.redhat.com
Tue Apr 16 04:57:01 2002 

John Foster <jfoster@augustmail.com> writes:

> Should the IC user in Debian be www-data or the catalog owner? I finally
> got a catalog to run from the Debian installation system dselect. I did
> this by having the IC software installed by root (as required in Debian)
> with the IC server owned & run as a regular user, one with access to
> administer postgresql etc. I also set the foundation catalog to use this
> same user as owner. To get this all to work I had to change the
> permissions to 0755 on virtuall all of the parts of the IC system. This
> is a real security problem. I also ahd to change the permissions on
> /usr/lib/cgi-bin recursive to 0777 thus creating an even bigger problem.
> Now I can change all these back after I get the system running but this
> seems to be just not right to begin with. I also still am unable to get
> the admin-ui to allow the catalog owner to access it. I get a permission
> denied message from the https server. I also have tried to install about
> 10 catalogs using makecat and none of them will work properly, images
> and access seems to be messed up. I seem to remember from some previous
> debian attempts thet I need to somehow allow the apache server to be the
> IC user as www-data, hence my first question. Thanks.

As Debian maintainer of Interchange I have to add the following notes:
- I'm pretty confident that with a stock Debian Apache and a correctly
  configured https server you can install the interchange-* packages
  and let the Debian package build the demo catalog and you don't have
  permissions problems and similar glitches
- With using makecat manually you might run into problems. IMHO makecat
  isn't very flexible and extensible, so my task here isn't very easy.
  Please file bugs (http://bugs.debian.org/) if you have trouble here.
- The README.debian isn't very comprehensive. Please send patches,
  suggestions and/or documentation fragments.

The above applies to the packages in woody. Up-to-date potato packages
are available on request.

Famous last words: Sorry for that, John, but I suspect that your system
is misconfigured. As Debian maintainer I'm not able to cope with personal
Apache configurations.

Ciao
        Racke

-- 
Think of it !

For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)