Closed Bug 1241026 Opened 9 years ago Closed 9 years ago

checksetup.pl requires editing localconfig to remove apache group

Categories

(Bugzilla :: Installation & Upgrading, defect)

Product:
Bugzilla
Component:
Installation & Upgrading
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 6.0

People

(Reporter: dylan, Assigned: dylan)

Details

Attachments

(1 file)

1241026_1.patch
1.25 KB, patch
dkl
: review+
Details | Diff | Splinter Review
Right now, if you want to checkout bugzilla and do some dev work, you can use generate a cpanfile with checksetup and use cpanm to install the deps. If you're on a machine that does not have apache, you're not likely to have an 'apache' group and checksetup will complain. Thus we should change the default webserver group to an empty value.
As the comment says in localconfig, setting it to "" is very unsecure. I don't think this is a good default value for production installations. Most installations use Apache (because Apache is still very common) and we shouldn't put them in an unsecure environment by default. I much prefer that the few devs who do not have Apache installed clear this setting.
Severity: normal → minor
Component: Bugzilla-General → Installation & Upgrading
Attached patch 1241026_1.patchSplinter Review
Attachment #8711371 - Flags: review?(dkl)
(In reply to Frédéric Buclin from comment #1) > As the comment says in localconfig, setting it to "" is very unsecure. I > don't think this is a good default value for production installations. Most > installations use Apache (because Apache is still very common) and we > shouldn't put them in an unsecure environment by default. I much prefer that > the few devs who do not have Apache installed clear this setting. With this change, it should not be empty on a non-windows machine -- and it should also never be the name of a non-existing group.
Comment on attachment 8711371 [details] [diff] [review] 1241026_1.patch Review of attachment 8711371 [details] [diff] [review]: ----------------------------------------------------------------- r=dkl ::: Bugzilla/Install/Localconfig.pm @@ +38,5 @@ > ); > > +sub _sensible_group { > + return '' if ON_WINDOWS; > + my @groups = qw( apache www-data _www ); should this be a constant maybe?
Attachment #8711371 - Flags: review?(dkl) → review+
(In reply to David Lawrence [:dkl] from comment #4) > Comment on attachment 8711371 [details] [diff] [review] > 1241026_1.patch > > Review of attachment 8711371 [details] [diff] [review]: > ----------------------------------------------------------------- > > r=dkl > > ::: Bugzilla/Install/Localconfig.pm > @@ +38,5 @@ > > ); > > > > +sub _sensible_group { > > + return '' if ON_WINDOWS; > > + my @groups = qw( apache www-data _www ); > > should this be a constant maybe? I think that wouldn't make it any more useful -- the value is used only there.
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git a0f345b..a8512ce master -> master
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 6.0
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: