Last modified: 2013-01-14 15:47:28 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and kept for historical purposes. Logging in is not possible, and apart from displaying bug reports and their history, links may be broken. See T42739, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 40739 - Run pollForChanges as user
Status: VERIFIED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: WikidataClient
Version: unspecified
Hardware: All
OS: All
Importance: Unprioritized normal
Target Milestone: ---
Assigned To: Wikidata bugs
Depends on:
Blocks:

Reported: 2012-10-03 12:13 UTC by Silke Meyer (WMDE)
Modified: 2013-01-14 15:47 UTC
CC: 3 users


Description Silke Meyer (WMDE) 2012-10-03 12:13:38 UTC
Here is what Katie proposed so that we stop running the script as root:

1) create a new user on the systems, such as "wikidata", with some shared password.  We can "su wikidata" (or "sudo -u wikidata" ) and run things as that user, such as pollforchanges.
2) put user "wikidata" into group www-data
3) change permissions on all our mediawiki instances to:

chown -Rf wikidata:www-data /var/www

sudo chmod -R g+s /var/www  (I'm not 100% sure about this but think it's right)
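
The three steps above, as an added example script that is not part of this bug or of the Wikidata project's code. It keeps the names proposed here (user wikidata, group www-data, tree /var/www) but applies the setgid bit to directories only, because on a directory setgid controls group inheritance while on a file it is a privilege bit; it also creates the service account without a password, so people reach it through sudo -u rather than a shared secret. The function names, the nologin shell, the `apply` argument and the umask remark are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug or Wikibase): shared ownership for the
# MediaWiki tree so that "wikidata" and Apache's "www-data" can both write,
# with setgid on directories only. Names below follow the bug's proposal.
set -u

SERVICE_USER="${SERVICE_USER:-wikidata}"   # assumed account name
WEB_GROUP="${WEB_GROUP:-www-data}"         # Apache's group on Debian/Ubuntu
WEB_ROOT="${WEB_ROOT:-/var/www}"

# setgid_dirs ROOT
# Put the setgid bit on every directory under ROOT. A setgid directory makes
# new files and subdirectories inherit its group, so a file written by
# "wikidata" ends up as group www-data even though wikidata's primary group
# differs. Regular files are skipped on purpose: setgid on a file is a
# privilege bit (setgid execution for binaries), which is what a blanket
# "chmod -R g+s" would hand out.
setgid_dirs() {
    find "$1" -type d -exec chmod g+s '{}' +
}

# group_rw ROOT
# Owner and group may read/write; capital X grants execute only where it
# already exists (directories, executables), so plain files stay non-executable.
group_rw() {
    chmod -R u+rwX,g+rwX "$1"
}

# setup_tree ROOT   (needs root: chown across the tree)
setup_tree() {
    chown -R "$SERVICE_USER:$WEB_GROUP" "$1"
    group_rw "$1"
    setgid_dirs "$1"
}

# create_service_user   (needs root)
# A system account with no password and no login shell: nobody logs in as it;
# operators use "sudo -u wikidata ..." instead of a shared password.
create_service_user() {
    if ! id "$SERVICE_USER" >/dev/null 2>&1; then
        useradd --system --shell /usr/sbin/nologin --no-create-home "$SERVICE_USER"
    fi
    usermod -a -G "$WEB_GROUP" "$SERVICE_USER"
}

# Usage: sh setup-shared-tree.sh apply
# Without "apply" the script only defines the functions above.
if [ "${1:-}" = apply ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply needs root (it runs useradd and chown)" >&2
        exit 1
    fi
    create_service_user
    setup_tree "$WEB_ROOT"
    echo "done; processes writing under $WEB_ROOT should run with umask 002 so new files are group-writable"
fi
```

Setgid on the directories only solves group inheritance; the umask of whatever creates the files still decides whether the group gets write access, which is why the closing message mentions umask 002.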
Comment 1 Silke Meyer (WMDE) 2012-10-05 12:57:44 UTC
I created a system user ("wikidata") in the www-data group. 

In a first step, this user's crontab now monitors if pollForChanges is running at all and if not it starts it as the wikidata user.

I refuse to put the sgid bit on everything in /var/www because of security risks. Using the suid bit just on pollForChanges does not work on a php script.

Question back to the developers: Can you specify the uid or user name under which the script is running directly *in* the script? (On dev this would be "wikidata", uid=115, gid=33.)
Comment 2 Daniel Kinzler 2012-10-05 13:41:06 UTC
If you are root, you can "become" another user from inside php: http://php.net/manual/en/function.posix-setuid.php

However, beware the consequences. For instance, if the pid file was written as root, it may not be readable once the script runs as ordinary user.

But... 

* why is it not sufficient to just call the script as a different user?
* Why do you think SGID is a security risk? SUID is, but SGID should be safe enough: http://www.library.yale.edu/wsg/docs/permissions/sgid.htm
* SUID does not work on script files at all. 
* You should probably add www-data to the wikidata group (and/or vice versa?)
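
The crontab watchdog described in comment 1 and the pid file caveat raised in comment 2, as one added example shell script that is not part of this bug or of Wikibase. It is meant to run from the wikidata user's own crontab, refuses to do anything as any other user (so the poller can never be started as root), keeps its own pid file, and treats a pid file it cannot read as a reason to stop and complain rather than start a second poller, which is the leftover-root-pid-file situation comment 2 describes. The script path, the pid and log file locations, the function names and the `run` argument are all assumptions.

```shell
#!/bin/sh
# Added example (not from the bug or Wikibase): cron watchdog that keeps
# pollForChanges running as the unprivileged "wikidata" user.
# Install in that user's crontab, e.g. via "crontab -u wikidata -e":
#   * * * * * /usr/local/bin/poll-watchdog.sh run
set -u

RUN_AS="${RUN_AS:-wikidata}"                                                                  # assumed
SCRIPT="${SCRIPT:-/var/www/wikidata/extensions/Wikibase/lib/maintenance/pollForChanges.php}"  # assumed path
PIDFILE="${PIDFILE:-/var/run/wikidata/pollForChanges.pid}"                                    # assumed; dir must be writable by wikidata
LOGFILE="${LOGFILE:-/var/log/wikidata/pollForChanges.log}"                                    # assumed

# pid_alive PID: true if a process with that pid exists. "kill -0" fails with
# EPERM for another user's process, so check /proc before declaring it dead.
pid_alive() {
    kill -0 "$1" 2>/dev/null || [ -d "/proc/$1" ]
}

# pidfile_state FILE: prints one of missing, unreadable, stale, running.
# "unreadable" is the case comment 2 warns about: a pid file left behind by
# a root run that the service user can no longer open.
pidfile_state() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ ! -r "$f" ]; then echo unreadable; return 0; fi
    pid=$(head -n 1 "$f" | tr -cd '0-9')
    if [ -n "$pid" ] && pid_alive "$pid"; then echo running; else echo stale; fi
}

# ensure_running: start the poller if, and only if, it is safe to.
# Returns 0 when the poller is running afterwards, non-zero otherwise.
ensure_running() {
    # The child inherits our uid, so this one check is what guarantees the
    # poller is never root: refuse to run as anyone but the service user.
    if [ "$(id -un)" != "$RUN_AS" ]; then
        echo "watchdog: must run as $RUN_AS, not $(id -un); use: sudo -u $RUN_AS $0 run" >&2
        return 3
    fi
    case $(pidfile_state "$PIDFILE") in
        running) return 0 ;;
        unreadable)
            echo "watchdog: $PIDFILE exists but is not readable by $RUN_AS (left by a root run?); fix its ownership, not starting a second poller" >&2
            return 2 ;;
        stale) rm -f "$PIDFILE" ;;
    esac
    nohup php "$SCRIPT" >>"$LOGFILE" 2>&1 &
    echo $! >"$PIDFILE"
    echo "watchdog: started pollForChanges as $RUN_AS, pid $(cat "$PIDFILE")"
}

if [ "${1:-}" = run ]; then
    ensure_running
fi
```

Because the watchdog runs as wikidata and simply forks, there is no privilege to drop and no posix_setuid() call to get right; the only root-owned state that can bite is a pid file from the old setup, which the script reports instead of working around.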


