Bug 443407 - missing Requires(pre): httpd
missing Requires(pre): httpd
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: php-eaccelerator (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Matthias Saou
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-21 08:54 EDT by Joe Orton
Modified: 2009-01-02 04:05 EST (History)
0 users

See Also:
Fixed In Version: 1:0.9.5.3-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-12-24 09:47:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Joe Orton 2008-04-21 08:54:25 EDT
ananconda install.log has:

Installing php-eaccelerator-0.9.5.2-2.fc9.i386
warning: user apache does not exist - using root
warning: group apache does not exist - using root

if this package contains files owned by the apache user or group, it needs to
"Requires(pre): httpd" to ensure that the user/group are set up before the files
are installed.
Comment 1 Matthias Saou 2008-04-22 08:19:31 EDT
I agree this needs fixing, but not by requiring httpd, as eaccelerator works
fine using lighttpd and PHP through fastcgi for instance.

The only clean solution I can think of would be to create a shared group to
which both "apache" and "lighttpd" would belong, and make the eA cache directory
mode 770 root:group. How does that sound?
Comment 2 Joe Orton 2008-04-22 09:23:19 EDT
It sounds like a waste of gids, scare resource and all that.  I don't know why
lighttpd doesn't run as the apache uid anyway, it's not like anybody will use
both/require security separation between them.
Comment 3 Bug Zapper 2008-05-14 05:51:12 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Matthias Saou 2008-12-24 08:55:17 EST
(In reply to comment #2)
> It sounds like a waste of gids, scare resource and all that.  I don't know why
> lighttpd doesn't run as the apache uid anyway, it's not like anybody will use
> both/require security separation between them.

Well, I mostly agree, but I can imagine people running both apache and lighttpd with different dynamic backends on the same server and expecting them to be "isolated" enough from a security perspective. So I do think that each web server having its own uid/gid does make sense.

This doesn't solve the dilemma here, though.

The only workaround I can think of is to provide some README which would explain the problem, suggesting to change the default /var/cache/php-eaccelerator directory to something else when not using apache. That and add a trigger to the package in order to chown the directory to apache:apache when httpd gets installed, for when php-eaccelerator gets installed first (this would be the fix for this particular report).
Comment 5 Matthias Saou 2008-12-24 09:47:43 EST
I've tried quite a few ideas, and none worked but this last one :

* Wed Dec 24 2008 Matthias Saou <http://freshrpms.net/> 1:0.9.5.3-2
- Update default cache dir to be ghosted and take care of creating it and
  changing default ownership in the %%post scriplet (fixes #443407).

Which means that the cache directory :
 * Defaults to apache:apache ownership even without httpd installed
 * Won't have its ownership reset upon rpm update if manually changed

So this workaround covers every scenario I could think of.
Comment 6 Joe Orton 2009-01-02 04:05:04 EST
Seems reasonable - thanks for dealing with it!

Note You need to log in before you can comment on or make changes to this bug.