ananconda install.log has:
warning: user apache does not exist - using root
warning: group apache does not exist - using root
if this package contains files owned by the apache user or group, it needs to
"Requires(pre): httpd" to ensure that the user/group are set up before the files
I agree this needs fixing, but not by requiring httpd, as eaccelerator works
fine using lighttpd and PHP through fastcgi for instance.
The only clean solution I can think of would be to create a shared group to
which both "apache" and "lighttpd" would belong, and make the eA cache directory
mode 770 root:group. How does that sound?
It sounds like a waste of gids, scare resource and all that. I don't know why
lighttpd doesn't run as the apache uid anyway, it's not like anybody will use
both/require security separation between them.
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
(In reply to comment #2)
> It sounds like a waste of gids, scare resource and all that. I don't know why
> lighttpd doesn't run as the apache uid anyway, it's not like anybody will use
> both/require security separation between them.
Well, I mostly agree, but I can imagine people running both apache and lighttpd with different dynamic backends on the same server and expecting them to be "isolated" enough from a security perspective. So I do think that each web server having its own uid/gid does make sense.
This doesn't solve the dilemma here, though.
The only workaround I can think of is to provide some README which would explain the problem, suggesting to change the default /var/cache/php-eaccelerator directory to something else when not using apache. That and add a trigger to the package in order to chown the directory to apache:apache when httpd gets installed, for when php-eaccelerator gets installed first (this would be the fix for this particular report).
I've tried quite a few ideas, and none worked but this last one :
* Wed Dec 24 2008 Matthias Saou <http://freshrpms.net/> 1:0.9.5.3-2
- Update default cache dir to be ghosted and take care of creating it and
changing default ownership in the %%post scriplet (fixes #443407).
Which means that the cache directory :
* Defaults to apache:apache ownership even without httpd installed
* Won't have its ownership reset upon rpm update if manually changed
So this workaround covers every scenario I could think of.
Seems reasonable - thanks for dealing with it!