EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #09632

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Run Apache as EPrints

Hi James and Yuri,

I don't do what the wiki says any more, mainly as I need to get things working with SELinux.  Instead, I add the eprints user to the apache (for Ubuntu this is www-data) and vice-versa (although this may not always be necessary)/  Then I make sure that directories and files share the same permissions for the user as groups (e.g. 775 / 664 or 770 / 660).

The reason I have not updated the wiki, is I suspect this will lead to quite a lot of questions here about some functionality breaking for some reason or other because there will be some exceptions where the file/directory permissions/ownership need to be slightly different.  Covering each caveat in the instructions would be difficult, based on the myriad of bespoke functionality people's EPrints repositories can have.

I will look into adding a separate page to link from the main installation instructions for Debian/Ubuntu and RHEL/Fedora/CentOS advising people they could try using the standard group / user for Apache by making certain alterations to filesystem ownership and permissions but with the caveat that this has the potential to break some of their repository's functionality.  Therefore, this should be done with care and only if you have a good understanding of how Linux file system permissions/ownership work.

Regards

David Newman


On 22/02/2024 10:09 am, Yuri wrote:
CAUTION: This e-mail originated outside the University of Southampton.
CAUTION: This e-mail originated outside the University of Southampton.

Hi!

 you also have to run the eprints bin commands (command line) as the www-data user. There's a check in this utilities about the user that should run them, I think it is a config somewhere.

Il 22/02/24 10:51, James Kerwin ha scritto:
CAUTION: This e-mail originated outside the University of Southampton.
CAUTION: This e-mail originated outside the University of Southampton.
Hi All,

I'm finally upgrading our live repository server and following this guidance which appears to have been updated since I last built a server (mid 2023 for our test repository):


I have a question about running apache as the EPrints user which is included here:

Now, update Apache configuration to set it up to use the eprints user and group, by ensuring the following lines are set thus in /etc/apache2/envvars:

export APACHE_RUN_USER=eprints
export APACHE_RUN_GROUP=eprints

On our recent server rebuilds (Ubuntu 20/22 and some version of EPrints 3.4) I haven't taken this step - presumably because it wasn't there. The /etc/apache2/envars file shows 222-data for each of these two settings. Does this matter? Should I go back and change it for past instances? Do I leave it as www-data for our current one?

I'm not sure what is best to do. On one hand "if it isn't broken..." and on the other "this might be really important". Our live repository is very old and these values are still www-data on there.

Thanks,
James

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/



*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/