On Fri, Feb 20, 2009 at 02:40:58PM +0100, Olivier Berger wrote:
> On Fri, Feb 20, 2009 at 02:25:14PM +0100, Olivier Berger wrote:
> > > * Sympa 5.2 introduced a Perl wrapper for wwsympa.fcgi that uses
> > > sudo. Do you use it?
> >
> > Nope... the wrapper is provided in the Debian package but not used in
> > the default setup.
> >
>
> I've tried with the wrapper and this gives much better results, without
> errors reported.
>
> Here are the necessary changes :
>
> In /etc/sudoers :
>
> www-data ALL = (sympa) NOPASSWD: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
>
> and in /etc/apache2/conf.d/sympa :
>
> ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa_sudo_wrapper.pl
>
One more element also, which I didn't notice initially... the environment
variables are trashed with the default
/usr/lib/cgi-bin/sympa/wwsympa_sudo_wrapper.pl provided in the package.
So the CGI execution won't be really working, losing its base URL for instance.
It seems that having a supplemental -E option in the sudo command as well as
the SETENV: flag in sudoers helps also :
In /usr/lib/cgi-bin/sympa/wwsympa_sudo_wrapper.pl :
exec '/usr/bin/sudo', '-E', '-u', 'sympa',
'/usr/lib/cgi-bin/sympa/wwsympa.fcgi';
In /etc/sudoers (visudo) :
www-data ALL = (sympa) SETENV: NOPASSWD:
/usr/lib/cgi-bin/sympa/wwsympa.fcgi
Again :
> Maybe this should be the default, when no fastcgi is activated ?
>
> Hope this helps,
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
