Dear Stephen, >>/etc/request-tracker3.4/RT_SiteConfig.pm installs as rw by root only >>causing "Can't locate /etc/request-tracker3.4/RT_SiteConfig.pm in @INC" >>error when trying to run rt-setup-database > > This is not a bug, it was done this way by design. The file > RT_SiteConfig.pm contains, at least, the username and password for the > RT database so it is preferable that only root can read it. If you > want to make this file readable by other users (such as www-data for > running in cgi mode) then you have to do so yourself. > > It is done this way so that the sysadmin knows that the database > access parameters are readable by other users. For instance, if you > have php installed on the system anyone running a php script could > read the database access details if the file is readable by www-data. > > We give full instructions as to how to install and configure RT in the > files /usr/share/doc/request-tracker3.4/README.Debian and > /usr/share/doc/request-tracker3.4/INSTALL.Debian. These instructions > are all based on being run as root.
I take your point about this being a design issue for security reasons, but I still think that having the script throw an error like the one above isn't a good thing to do. If one follows the instructions provided with the package, the database admin user at least will have knowledge of the password, and so I see no real reason to deny that user the ability to run the setup script - in fact I'd say that the package is more useful if setup doesn't require root access, as on a multi-user system, the root user can install the package, and then delegate all configuration to the DBA. Additionally, the INSTALL.Debian.gz makes no explicit mention of a necessity to run this as root (though it admittedly does infer it by using a # prompt on the command line). As the script can certainly be run successfully as a non-root user I'd suggest that a small wrapper or modification to the rt-setup-database script could provide a useful error message, rather than the less than helpful perl "Can't locate..." error. Or a debconf question at install asking how to set the permissions would make the issue more explicit. Regards, Katherine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
