On Tue, Feb 26, 2013 at 4:19 AM, D'Arcy J.M. Cain <da...@vex.net> wrote:
> Please see the message I sent a few minutes ago re: "Unable to open
> logs" if you need more information about my system than I have included
> here.
>
> I have recently upgraded to Apache 2.4, suExec and dbd authentication
> with PostgreSQL. This is on a system with multiple users. Here is an
> example virtual host entry:
>
> <VirtualHost 98.158.134.24:80>
>   ServerName admin.occ4u.org
>   DocumentRoot /u/WEB/Misc/OCC_Admin
>   ServerAdmin webmas...@vex.net
>   SuexecUserGroup darcy vex
>
>   DBDriver pgsql
>   DBDParams "host=localhost dbname=occ user=occ"

I think the password for the user that connects to the DB should also be declared here like:

DBDParams "host=localhost dbname=occ user=occ password=some_password"

>   DBDPersist off
>
>   <Directory /u/WEB/Misc/OCC_Admin>
>     AuthType Basic
>     AuthName "OCC database Administration"
>     Require valid-user
>     AuthBasicProvider dbd
>     AuthDBDUserPWQuery "SELECT raw(person_pass) FROM person \
>       WHERE person_login = %s AND \
>       person_active = 't'"
>   </Directory>
> </VirtualHost>
>
> This fails because the connection is made as nobody, the user that the
> server itself runs as. The database makes an ident call for occ and
> fails of course.
>
> Currently my solution is to either make the database trust any
> connections from itself

You can make this "trust the local connections for SOME users including apache user". And additionally you can grant apache user select permissions only to the person table of the occ database.

> or make the password files world readable.
> Neither of these seems very secure. I tried adding a User directive in
> the virtual host but that just crashed Apache with a config error
> sending me on a five minute reboot (Unable to open logs - see previous
> message.)
>
> Database connections from the web site are fine since suExec runs the
> scripts as occ. Is there any way to make the dbd connection run as occ
> as well?

You can run apache as occ user.

> Thanks for any help.
>
> --
> D'Arcy J.M. Cain
> System Administrator, Vex.Net
> http://www.Vex.Net/ IM:da...@vex.net
> Voip: sip:da...@vex.net
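
The reply's suggestion (trust only for selected users, SELECT only on the person table) written out as an added example; it is not code from the thread or from either poster. The role name `httpd_auth`, the map name `httpd` and the pg_hba.conf/pg_ident.conf lines are assumptions, and `person` is assumed to live in the default `public` schema; the table, column and database names are taken from the question.

```sql
-- Added example. httpd_auth and the map name "httpd" are hypothetical names.

-- 1. A login role used only by mod_authn_dbd. It gets no password because
--    pg_hba.conf (step 4) decides how it is allowed to authenticate.
CREATE ROLE httpd_auth LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- 2. Let it connect to occ and clear any table-level grant it may hold.
GRANT CONNECT ON DATABASE occ TO httpd_auth;
REVOKE ALL ON TABLE person FROM httpd_auth;

-- 3. Grant only the three columns that AuthDBDUserPWQuery reads.
GRANT SELECT (person_login, person_pass, person_active)
    ON person TO httpd_auth;

-- 4. pg_hba.conf: the first matching line wins, so the rule for this role
--    goes above any broader rule. Add a ::1/128 line as well if "localhost"
--    resolves to IPv6 on the host.
--
--    (a) What the reply describes: trust, limited to one role and one database.
--          host  occ  httpd_auth  127.0.0.1/32  trust
--        On a multi-user machine any local account can then connect as
--        httpd_auth and read person_pass.
--
--    (b) Keeping ident, but mapping the OS user the server runs as (nobody,
--        per the question) to the restricted role:
--          host  occ  httpd_auth  127.0.0.1/32  ident map=httpd
--        with this line in pg_ident.conf:
--          httpd  nobody  httpd_auth
--
-- 5. The virtual host then connects as the restricted role:
--      DBDParams "host=localhost dbname=occ user=httpd_auth"

-- 6. Check the result. If whole_table or can_write is true, another grant
--    (for example one made to PUBLIC) still exposes more than the three columns.
SELECT has_table_privilege('httpd_auth', 'person', 'SELECT')  AS whole_table,
       has_table_privilege('httpd_auth', 'person', 'UPDATE')  AS can_write,
       has_column_privilege('httpd_auth', 'person', 'person_pass',  'SELECT') AS pass_col,
       has_column_privilege('httpd_auth', 'person', 'person_login', 'SELECT') AS login_col;
```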