Changes between Version 4 and Version 5 of ServerIntro


Ignore:
Timestamp:
May 9, 2007, 1:17:44 PM (17 years ago)
Author:
davea
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ServerIntro

    v4 v5  
    77
    88== Groups and permissions ==
    9 We recommend that you create a separate user and group for the BOINC server, and add the web-server user to this group. Details are [GroupPermissions here].
     9BOINC server programs run as two different users:
     10 * The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (typically user 'apache', group 'apache').
     11 * BOINC daemons runs as whoever created the project (let's say user 'boincadm', group 'boinc').
     12
     13By default, the directories created by user apache are not world-writeable. This causes problems: for example, when the file upload handler creates a directory in the [DirHierarchy upload hierarchy], it's owned by (apache, apache), and the [http://boinc.berkeley.edu/trac/wiki/FileDeleter file deleter] (which runs as boincadm) won't be able to delete the files there.
     14
     15== Recommended solution ==
     16
     17Edit /etc/group so that apache belongs to group boinc, i.e. the line:
     18
     19{{{
     20boinc:x:566:
     21}}}
     22becomes:
     23{{{
     24boinc:x:566:apache
     25}}}
     26(Apache will need to be stopped/restarted for this to take effect.)
     27
     28When you create a BOINC project using [MakeProject make_project], the critical directories are owned by boincadm and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group boinc (not group apache). The BOINC software makes all directories group read/write. Thus, both apache and boinc will have read/write access to all directories and files, but other users will have no access.
     29
     30On an existing project, do:
     31
     32{{{
     33chmod 02770 upload
     34chmod 02770 html/cache
     35chmod 02770 html/inc
     36chmod 02770 html/languages
     37chmod 02770 html/languages/compiled
     38chmod 02770 html/user_profiles
     39}}}
     40
     41You may also need to change the ownership of these directories and all their subdirectories to boincadm/boinc.  If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add apache to all of the groups.
     42
    1043
    1144== Installing BOINC software ==