Package: redmine
Version: 0.9.0~svn2907-1
Severity: important

When running redmine with apache2 and libapache2-mod-passenger, the permissions on /usr/share/redmine/config/initializers/session_store.rb are insufficient and redmine throws an error that the session_store.rb file is not found. The permissions are as follows:

  File: `/usr/share/redmine/config/initializers/session_store.rb'
  Size: 779  Blocks: 8  IO Block: 4096  regular file
Device: ca01h/51713d  Inode: 35242  Links: 1
Access: (0640/-rw-r-----)  Uid: ( 33/www-data)  Gid: ( 33/www-data)

Because passenger runs as user 'nobody' it cannot access the file, which is critical to redmine because it establishes cookies for session verification. The error message that passenger throws up is:

"no such file to load -- /usr/share/redmine/config/initializers/session_store.rb (MissingSourceFile)"

Making the file world readable allows redmine to run, but it means the secret key could be exposed to any user with access to the server.

Another solution is to run passenger as the www-data user, by editing /etc/apache2/mods-enabled/passenger.conf and adding the directive: "PassengerDefaultUser www-data". However, passenger can only set that directive once and it is global, so all apps run via passenger would be run as that user.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (900, 'stable'), (600, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages redmine depends on:
ii  dbconfig-common          1.8.39           common framework for packaging dat
ii  debconf [debconf-2.0]    1.5.24           Debian configuration management sy
ii  libjs-prototype          1.6.1-1          JavaScript Framework for dynamic w
ii  libjs-scriptaculous      1.8.3-1          JavaScript library for dynamic web
ii  rails                    2.2.3-1          MVC ruby based framework geared fo
ii  rake                     0.8.7-1          a ruby build program
ii  redmine-mysql            0.9.0~svn2907-1  metapackage providing MySQL depend
ii  ruby                     4.2              An interpreter of object-oriented
ii  ruby1.8                  1.8.7.174-3      Interpreter of object-oriented scr

Versions of packages redmine recommends:
ii  libapache2-mod-fcgid     1:2.2-1          an alternative module compat with
ii  libfcgi-ruby1.8 [libfcgi-ruby 0.8.7-4.1   FastCGI library for Ruby

Versions of packages redmine suggests:
ii  apache2-mpm-prefork [htt 2.2.9-10+lenny6  Apache HTTP Server - traditional n
pn  libopenid-ruby           <none>           (no description available)
pn  librmagick-ruby          <none>           (no description available)
pn  libsvn-ruby              <none>           (no description available)

-- debconf information:
  redmine/instances/default/db/app-user: redmine
  redmine/instances/default/passwords-do-not-match:
  redmine/instances/default/default-language: en
  redmine/instances/default/remote/newhost:
  redmine/instances/default/db/basepath:
  redmine/notify-migration:
  redmine/old-instances:
  redmine/instances/default/upgrade-error: abort
  redmine/instances/default/pgsql/changeconf: false
  redmine/instances/default/missing-db-package-error: abort
  redmine/instances/default/db/dbname: redmine_default
  redmine/instances/default/purge: false
  redmine/current-instances: default
  redmine/instances/default/remote/host:
  redmine/default-language: ${defaultLocale}
  redmine/instances/default/pgsql/no-empty-passwords:
  redmine/instances/default/dbconfig-upgrade: true
  redmine/instances/default/internal/reconfiguring: false
  redmine/instances/default/upgrade-backup: true
  redmine/instances/default/pgsql/method: unix socket
  redmine/instances/default/install-error: abort
  redmine/instances/default/mysql/admin-user: root
* redmine/instances/default/database-type: mysql
  redmine/instances/default/pgsql/manualconf:
  redmine/instances/default/pgsql/authmethod-admin: ident
  redmine/instances/default/mysql/method: unix socket
  redmine/instances/default/internal/skip-preseed: false
  redmine/instances/default/pgsql/admin-user: postgres
  redmine/instances/default/remove-error: abort
  redmine/instances/default/dbconfig-remove:
  redmine/instances/default/remote/port:
  redmine/instances/default/pgsql/authmethod-user: password
* redmine/instances/default/dbconfig-install: true
  redmine/instances/default/dbconfig-reinstall: false
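
Added example, not part of the original report: a shell check that works out from a file's mode bits which permission class (owner, group or world) gives an account read access, showing why 'nobody' is denied at 0640 and why 0644 exposes the secret to every local account. It assumes GNU stat; the function names and 'nogroup' as the group of 'nobody' are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original report). Assumes GNU coreutils `stat`.

# access_class MODE OWNER GROUP USER "USER_GROUPS"
# Prints which permission class gives USER read access to a file:
# owner, group or world; prints "denied" if the applicable class lacks r.
access_class() {
    ac_mode=$1 ac_owner=$2 ac_group=$3 ac_user=$4 ac_ugroups=$5
    # Last three octal digits only (ignores setuid/setgid/sticky, leading 0).
    ac_perms=$(printf '000%s' "$ac_mode" | sed 's/.*\(...\)$/\1/')
    ac_o=$(printf '%s' "$ac_perms" | cut -c1)
    ac_g=$(printf '%s' "$ac_perms" | cut -c2)
    ac_w=$(printf '%s' "$ac_perms" | cut -c3)
    # Classes are exclusive: the first one that matches decides.
    if [ "$ac_user" = "$ac_owner" ]; then
        ac_class=owner ac_digit=$ac_o
    else
        case " $ac_ugroups " in
            *" $ac_group "*) ac_class=group ac_digit=$ac_g ;;
            *)               ac_class=world ac_digit=$ac_w ;;
        esac
    fi
    if [ $((ac_digit & 4)) -ne 0 ]; then echo "$ac_class"; else echo denied; fi
}

# audit_secret PATH USER
# Reports how USER reaches PATH and whether any local account can read it.
audit_secret() {
    as_path=$1 as_user=$2
    as_mode=$(stat -c '%a' "$as_path")
    as_owner=$(stat -c '%U' "$as_path")
    as_group=$(stat -c '%G' "$as_path")
    as_ugroups=$(id -Gn "$as_user" 2>/dev/null || true)
    as_access=$(access_class "$as_mode" "$as_owner" "$as_group" "$as_user" "$as_ugroups")
    # An account that is neither owner nor group member falls into "world".
    if [ "$(access_class "$as_mode" "$as_owner" "$as_group" '' '')" = world ]; then
        as_world=yes
    else
        as_world=no
    fi
    echo "path=$as_path user=$as_user access=$as_access world_readable=$as_world"
}

# Values from the report: mode 0640, www-data:www-data, Passenger as 'nobody'.
# 'nogroup' as nobody's only group is an assumption (the Debian default).
access_class 0640 www-data www-data nobody nogroup   # denied
access_class 0644 www-data www-data nobody nogroup   # world
```

On a live system, `audit_secret /usr/share/redmine/config/initializers/session_store.rb nobody` reports the same result from the file's real owner, group and mode.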