Changes between Version 53 and Version 54 of ServerIntro


Ignore:
Timestamp:
Apr 1, 2009, 2:26:31 PM (16 years ago)
Author:
Nicolas
Comment:

some formatting tweaks to permissions section

Legend:

Unmodified
Added
Removed
Modified

  • ServerIntro

    v53 v54  
    3636 * BOINC daemons runs as whoever created the project (let's say user '`boincadm`', group '`boinc`'). '''Do not run BOINC daemons (or anything else) as root'''.
    3737
    38 By default, the directories created by user apache are not world-writable. This causes problems: for example, when the file upload handler creates a directory in the [DirHierarchy upload hierarchy], it's owned by (apache, apache), and the [FileDeleter file deleter] (which runs as `boincadm`) won't be able to delete the files there.
     38By default, the directories created by user `apache` are not world-writable. This causes problems: for example, when the file upload handler creates a directory in the [DirHierarchy upload hierarchy], it's owned by (`apache`, `apache`), and the [FileDeleter file deleter] (which runs as `boincadm`) won't be able to delete the files there.
    3939
    4040To solve this problem, edit `/etc/group` so that `apache` belongs to group `boinc`, i.e. the line:
     
    5454}}}
    5555
    56 When you create a BOINC project using [MakeProject make_project], the critical directories are owned by `boincadm` and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group `boinc` (not group `apache`). The BOINC software makes all directories group read/write. Thus, both `apache` and `boinc` will have read/write access to all directories and files, but other users will have no access.
     56When you create a BOINC project using [MakeProject make_project], the critical directories are owned by `boincadm` and have the set-GID bit set; this means that any directories or files created by `apache` in those directories will have group `boinc` (not group `apache`). The BOINC software makes all directories group read/write. Thus, both `apache` and `boinc` will have read/write access to all directories and files, but other users will have no access.
    5757
    5858To fix permissions on an existing project, do:
     
    6969You may also need to change the ownership of these directories and all their subdirectories to `boincadm/boinc`.  If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add `apache` to all of the groups.
    7070
    71 When serving your project files from Apache, note that all directories up to and including the html directory must have execute permissions.  For example, if you use make_project to create the project template in your home directory, your home directory must have 711 permissions as opposed to the default of 700. If this is not corrected, you will receive a '''403 Forbidden''' error when attempted to browse to your project page. See [http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden more information on dealing with Apache permissions problems].
     71When serving your project files from Apache, note that all directories up to and including the `html` directory must have execute permissions.  For example, if you use `make_project` to create the project template in your home directory, your home directory must have 711 permissions as opposed to the default of 700. If this is not corrected, you will receive a '''403 Forbidden''' error when attempted to browse to your project page. See [http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden more information on dealing with Apache permissions problems].
    7272
    7373=== Installing BOINC software === #installing