Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#18412 - [cherokee] rights problem

Attached to Project: Community Packages
Opened by Filipp Andjelo (scorp) - Saturday, 20 February 2010, 19:02 GMT
Last edited by Evangelos Foutras (foutrelis) - Sunday, 21 February 2010, 18:11 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To Evangelos Foutras (foutrelis)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

Cherokee server daemon is running with root rights. I don't like that, it would be nice to have s.t.
like /etc/conf.d/cherokee, where you can setup a user (default http?) to run the daemon with. After all,
cherokee-admin, which is needed for administration, is either to run by root only, or you'll not be
able to write configuration file.

Default, you have to access cherokee-admin web interface from the same machine, cherokee was started
on, or to pipe everything over SSH. I have a server, which has remote root access deactivated and no
X Server at all. But if you deactivated remote root access, then you'll not be able to start
cherokee-admin to configure the web server. Logical deadlock :)

If s.o. has a solution already, then it's time to share it. If not, I'll try to rewrite the PKGBUILD
a little and will put my solution here.


This task depends upon

Closed by  Evangelos Foutras (foutrelis)
Sunday, 21 February 2010, 18:11 GMT
Reason for closing:  Not a bug
Comment by Evangelos Foutras (foutrelis) - Sunday, 21 February 2010, 00:07 GMT
The parent cherokee process runs as root, yes. That is the correct behavior and makes spawning of new processes as another user possible. This was introduced in 0.99.12 [1] and doesn't pose a security vulnerability. Note that the child process that serves the requests (cherokee-worker) runs as the http user.

Regarding the second problem, what I do is forward the 9090 port of my local machine to the server via SSH and then use either su or sudo to launch cherokee-admin as root. Then you can simply navigate to localhost:9090 to access the administration interface. The parameter that needs to be passed to `ssh' for this configuration is '-L9090:localhost:9090'.

Hope this answers your concerns. If you agree, I'll go ahead and close this bug report.

----
[1] http://groups.google.com/group/cherokee-http/browse_thread/thread/94682458c685f8e2/eabd5c4e869ed772
Comment by Filipp Andjelo (scorp) - Sunday, 21 February 2010, 17:44 GMT
Thank you very much for the answer. I'll follow your advise, so you can close the report. Thank you.

Loading...