[ixpmanager] Users and permissions (bower upgrade problems)

Hege Trosvik hege.trosvik at usit.uio.no
Wed Mar 29 12:43:10 IST 2017 

Thanks, Barry, much better.

I'll see if I can clean up the fedora script
enough to be suitable for public display :-)

    Hege

On Wed, Mar 29, 2017 at 12:15:14PM +0100, Barry O'Donovan wrote:
> 
> 
> Hege Trosvik wrote:
> > I have modified the ubuntu install-script to work for fedora,
> 
> Cool! If you're happy to support (and maintain) it we'd love to add it to
> the list of installers. See the CLA / contributing guidelines at [1].
> 
> > and I assume the install-scripts are meant to be run as root.
> 
> Yes.
> 
> > This is working fine, until I now try to do an upgrade strictly
> <snip>
> > before doing:
> > 
> > chown -R root: ${IXPROOT}
> > chown -R www-data: ${IXPROOT}/storage ${IXPROOT}/var ${IXPROOT}/bootstrap/cache ${IXPROOT}/database/Proxies&>>  /tmp/ixp-manager-install.log
> 
> So the above could be amended to include:
> 
> ${IXPROOT}/bower.json ${IXPROOT}/public/bower_components
> 
> (and ${IXPROOT}/vendor actually).
> 
> but you may still get permission errors depending on your www-data's home
> directory permissions.
> 
> It's not advisable to run bower as root but exactly how this will work in
> the long term really depends on your individual setup / sysadmin
> preferences.
> 
> With the above added to chown, this will work fine:
> 
> sudo -u www-data bash -c "HOME=/var/tmp && cd ${IXPROOT} && bower
> --config.interactive=false -f update"
> 
> For a more permanent store for bower cached items, this is probably better:
> 
> sudo -u www-data bash -c "HOME=${IXPROOT}/storage cd ${IXPROOT}/ && bower
> --config.interactive=false -f update"
> 
> 
> I've updated the docs to reflect this:
> 
> https://ixp-manager.readthedocs.io/en/latest/install/upgrading/
> 
>  - Barry
> 
> 
> 
> > When I follow the docs to do an upgrade, I also do it as root,
> > but "bower install" does not want to be run as root, and the
> > "sudo -u www-data..." (or sudo -u apache for fedora) does not
> > work as most of $IXPROOT is now owned by root.
> > 
> > Any recommendations for users/permissions here?
> > 
> 
> [1] https://github.com/inex/IXP-Manager/blob/master/CONTRIBUTING.md
> 
> >      Hege
> > 
> > 
> > 
> > _______________________________________________
> > INEX IXP Manager mailing list
> > ixpmanager at inex.ie
> > https://www.inex.ie/mailman/listinfo/ixpmanager
> 
> -- 
> 
> Kind regards,
> Barry O'Donovan
> INEX Operations
> 
> https://www.inex.ie/support/
> +353 1 531 3339
>

More information about the ixpmanager mailing list