Bug 443407 - missing Requires(pre): httpd
Summary: missing Requires(pre): httpd
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: php-eaccelerator
Version: 9
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Matthias Saou
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-21 12:54 UTC by Joe Orton
Modified: 2009-01-02 09:05 UTC (History)
0 users

Fixed In Version: 1:0.9.5.3-2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-12-24 14:47:43 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Joe Orton 2008-04-21 12:54:25 UTC 
ananconda install.log has:

Installing php-eaccelerator-0.9.5.2-2.fc9.i386
warning: user apache does not exist - using root
warning: group apache does not exist - using root

if this package contains files owned by the apache user or group, it needs to
"Requires(pre): httpd" to ensure that the user/group are set up before the files
are installed.
Comment 1 Matthias Saou 2008-04-22 12:19:31 UTC 
I agree this needs fixing, but not by requiring httpd, as eaccelerator works
fine using lighttpd and PHP through fastcgi for instance.

The only clean solution I can think of would be to create a shared group to
which both "apache" and "lighttpd" would belong, and make the eA cache directory
mode 770 root:group. How does that sound?
Comment 2 Joe Orton 2008-04-22 13:23:19 UTC 
It sounds like a waste of gids, scare resource and all that.  I don't know why
lighttpd doesn't run as the apache uid anyway, it's not like anybody will use
both/require security separation between them.
Comment 3 Bug Zapper 2008-05-14 09:51:12 UTC 
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Matthias Saou 2008-12-24 13:55:17 UTC 
(In reply to comment #2)
> It sounds like a waste of gids, scare resource and all that.  I don't know why
> lighttpd doesn't run as the apache uid anyway, it's not like anybody will use
> both/require security separation between them.

Well, I mostly agree, but I can imagine people running both apache and lighttpd with different dynamic backends on the same server and expecting them to be "isolated" enough from a security perspective. So I do think that each web server having its own uid/gid does make sense.

This doesn't solve the dilemma here, though.

The only workaround I can think of is to provide some README which would explain the problem, suggesting to change the default /var/cache/php-eaccelerator directory to something else when not using apache. That and add a trigger to the package in order to chown the directory to apache:apache when httpd gets installed, for when php-eaccelerator gets installed first (this would be the fix for this particular report).
Comment 5 Matthias Saou 2008-12-24 14:47:43 UTC 
I've tried quite a few ideas, and none worked but this last one :

* Wed Dec 24 2008 Matthias Saou <http://freshrpms.net/> 1:0.9.5.3-2
- Update default cache dir to be ghosted and take care of creating it and
  changing default ownership in the %%post scriplet (fixes #443407).

Which means that the cache directory :
 * Defaults to apache:apache ownership even without httpd installed
 * Won't have its ownership reset upon rpm update if manually changed

So this workaround covers every scenario I could think of.
Comment 6 Joe Orton 2009-01-02 09:05:04 UTC 
Seems reasonable - thanks for dealing with it!
Note You need to log in before you can comment on or make changes to this bug.