Ubuntu
redmine package

Insufficient privileges for Passenger spawned application

Bug #696271 reported by riban
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
redmine (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: redmine

If Redmine is hosted by Apache with Passenger, Passenger spawns Redmine as user=nobody which can not see the configuration files in /etc/redmine/default. The following line must be added to /etc/apache2/mods-available/passenger.conf:

  PassengerDefaultUser www-data

Revision history for this message
kapouer (kapouer) wrote :

In debian, passenger runs as the owner of /usr/share/redmine/config/environment.rb,
hence this snippet in postinst :
chown www-data:root /usr/share/redmine/config/environment.rb

Isn't that the case of passenger in ubuntu ?

Revision history for this message
riban (brian-riban) wrote :

Passenger runs as root on Ubuntu (which is the owner of /usr/share/redmine/config/environment.rb). The snippet you include does not seem to have run because environment.rb has ownership root.root. Either way, Passenger spawns the ruby application as user defined in /etc/apache2/mods-available/passenger.conf.

Revision history for this message
Simon Bazley (sibaz) wrote :

I'd be surprised if passenger would allow itself to run as root. Anecdotal evidence suggests it isn't as on my setup, before I added the PassengerDefaultUser record to passenger.conf my setup was complaining that it didn't have write access to /etc/redmine/default/session.yml, which was owned by root. I changed it to be owned by www-data and it still complained, but adding the PassengerDefaultUser setting fixed it.

Revision history for this message
Simon Bazley (sibaz) wrote :

(I'd guess that it passenger becomes nobody if it finds that it is root).
So either way a fix is needed, either:-
1) Add PassengerDefaultUser www-data to passenger.conf
or
2) Add code to the package script, to set the ownership of environment.rb to www-data

#1 would seem to me to be the best solution as #2 is a little obscure if you're not familiar with passenger and how it works.

Launchpad Janitor (janitor)
Changed in redmine (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.