| [11:36:18] | * mstenta has quit (Ping timeout: 260 seconds) |
| [11:56:43] | * formatC_vt has quit (Ping timeout: 260 seconds) |
| [11:57:41] | * formatC_vt has joined #aegir |
| [11:57:41] | * formatC_vt has quit (Changing host) |
| [11:57:41] | * formatC_vt has joined #aegir |
| [12:37:04] | * drakythe is now known as zz_drakythe |
| [13:38:43] | * Yaazkal has joined #aegir |
| [14:20:35] | * Egyptian[Home] has quit (Ping timeout: 264 seconds) |
| [15:10:51] | * Yaazkal has quit () |
| [16:13:31] | * hefring has joined #aegir |
| [17:00:12] | * ivanjaros has joined #aegir |
| [17:03:46] | * Deciphered is now known as DecipheredAFK |
| [17:05:09] | * David_Hernandez has joined #aegir |
| [18:38:09] | * boshtian has joined #aegir |
| [18:38:53] | * rominronin has joined #aegir |
| [19:02:53] | * ivanjaros has quit (Quit: https://drupal.org/user/135190) |
| [19:10:25] | * e-anima has joined #aegir |
| [19:22:14] | * ivanjaros has joined #aegir |
| [19:24:01] | * thunderWilly has joined #aegir |
| [19:25:08] | * e-anima has quit (Ping timeout: 246 seconds) |
| [19:27:58] | * gandhiano has joined #aegir |
| [19:33:19] | * sdrycroft has joined #aegir |
| [19:59:26] | * gandhiano has quit (Read error: Connection reset by peer) |
| [20:00:08] | * gandhiano has joined #aegir |
| [20:44:39] | * mstenta has joined #aegir |
| [20:57:19] | * mstenta has quit (Quit: Leaving.) |
| [21:16:27] | * henk__ has joined #aegir |
| [21:34:02] | * boshtian has quit (Ping timeout: 244 seconds) |
| [22:05:20] | * Egyptian[Home] has joined #aegir |
| [22:07:01] | * boshtian has joined #aegir |
| [23:11:49] | * David_Hernandez has quit (Quit: :wq!) |
| [23:12:47] | * zombiebeard has joined #aegir |
| [23:54:33] | * gandhiano has quit (Ping timeout: 255 seconds) |
| [23:55:15] | * zz_drakythe is now known as drakythe |
| [23:56:23] | * gandhiano has joined #aegir |
| [00:39:33] | * gandhiano has quit (Ping timeout: 255 seconds) |
| [01:08:43] | * rominronin has quit (Quit: rominronin) |
| [01:18:46] | * rominronin has joined #aegir |
| [01:31:03] | * hestenet has joined #aegir |
| [01:32:21] | * Yaazkal has joined #aegir |
| [01:33:13] | * ivanjaros has quit (Quit: https://drupal.org/user/135190) |
| [01:42:07] | * ivanjaros has joined #aegir |
| [02:07:02] | * zombiebeard has quit (Quit: zombiebeard) |
| [02:23:51] | * zombiebeard has joined #aegir |
| [02:44:15] | * zombiebeard has quit (Quit: zombiebeard) |
| [02:46:05] | * hestenet_ has joined #aegir |
| [02:46:27] | * hestenet has quit (Read error: Connection reset by peer) |
| [03:05:00] | * rominronin has quit (Quit: rominronin) |
| [03:06:33] | * rominronin has joined #aegir |
| [03:12:46] | <bgm> | is there a way to invoke tasks as another user? (using sudo) |
| [03:12:55] | <bgm> | for example, I'd like to run the CiviCRM cron as www-data, not as aegir |
| [03:13:24] | <bgm> | (and I'd rather avoid doing an http request) |
| [03:15:46] | * hestenet_ has quit (Read error: Connection reset by peer) |
| [03:16:21] | * hestenet has joined #aegir |
| [03:16:28] | * rominronin has quit (Quit: rominronin) |
| [03:16:28] | * zombiebeard has joined #aegir |
| [03:20:27] | * Yaazkal has quit () |
| [03:23:14] | * jerryitt has joined #aegir |
| [03:28:22] | <bgm> | or maybe ACLs would be a better fix for my problem |
| [03:36:38] | <gboudria1> | bgm: I remember you can run drush in hostmaster with ACLs, but I haven't really tested it, I'm guessing it would be fine if there are no hostmaster files involved |
| [03:37:23] | * gboudria1 has quit (Quit: leaving) |
| [03:37:53] | * gboudrias has joined #aegir |
| [03:39:18] | <bgm> | gboudrias: my base problem is with files in files/civicrm/upload/ that are owned by www-data.www-data, and permissions 0600 |
| [03:39:47] | <bgm> | I'm not too sure why those files are being set of 0600, it doesn't seem to be in civi, and the directory is g+w aegir.www-data |
| [03:40:33] | <gboudrias> | hmm yeah that's kind of strange |
| [03:41:39] | * sdrycroft has quit (Quit: Leaving.) |
| [03:41:55] | <bgm> | civicrm usually recommends running crons as www-data, to avoid permission problems, so I was thinking that instead of provision_backend_invoke() to run the cron, we could exec() with something that does a sudo to www-data |
| [03:42:01] | <bgm> | but I'm lazy and that sounds risky :) |
| [03:42:17] | <bgm> | + we wouldn't get proper output of the cron (which is an API call) |
| [03:44:15] | * hestenet has quit (Read error: Connection reset by peer) |
| [03:44:20] | * hestenet_ has joined #aegir |
| [03:45:55] | <gboudrias> | Yeah aegir and www-data are painstakingly separated so I'm not sure how I would approach it... It would probably be okay to have a one-time script to run as sudo (to install the www-data cron), although that sort of breaks the "Drupal" workflow |
| [03:48:54] | <bgm> | I'd really rather keep the cron in the hosting queue, so that we can monitor the output |
| [03:48:54] | <bgm> | (not that the current implementation really monitors efficiently.. but it should) |
| [03:48:58] | * bgm has quit (Quit: Reconnecting) |
| [03:49:38] | * bgm has joined #aegir |
| [03:49:38] | * bgm has quit (Changing host) |
| [03:49:38] | * bgm has joined #aegir |
| [03:50:12] | <bgm> | (not sure if my last messages went through) |
| [03:50:17] | <bgm> | I'd really rather keep the cron in the hosting queue, so that we can monitor the output |
| [03:50:20] | <bgm> | (not that the current implementation really monitors efficiently.. but it should) |
| [03:55:08] | <anarcat> | it went through |
| [03:55:32] | <gboudrias> | Yeah I see what you mean, it seems like the root problem is the file permissions though, fundamentally if they are 0600 there's no way to do anything without being www-data (correct me if I'm wrong) |
| [03:55:57] | <gboudrias> | Which is something Aegir strictly forbids itself |
| [03:56:10] | <gboudrias> | (as far as I'm aware... ?) |
| [03:59:59] | * noecc has left #aegir ("pax") |
| [04:01:12] | * boshtian has quit (Quit: boshtian) |
| [04:02:31] | <bgm> | yeah, I guess if the umask on the directory was less strict, it would sort of be OK |
| [04:04:52] | <bgm> | I'm poking around ACLs for now :) |
| [04:05:02] | <gboudrias> | I'm still working on the isolated multi-server (trying to mount NFS with Kerberos for ACLs...), in that setup I'm guessing you could be a lot looser with the permissions (since the client is on its own VPS) |
| [04:08:36] | <bgm> | my requirement is way more basic: i just want to make sure that the 'aegir' user can read files owned by www-data :) |
| [04:08:49] | <bgm> | well, created by www-data |
| [04:09:59] | * sleewok has joined #aegir |
| [04:11:22] | <sleewok> | hey everyone, what's the best way to install the latest development version of Aegir? I'm hoping there is a way to do install it and still be able to update using apt. |
| [04:11:43] | <sleewok> | I'm running Ubuntu 14 and have aegir 3.1 running just fine |
| [04:12:24] | <sleewok> | I'm mainly interested in the updates that will be included with Aegir 3.2 with provision (integrtion of hosting_civicrm) |
| [04:12:26] | <gboudrias> | sleewok: Use the instructions at aegirproject.org but with the unstable repo instead of the stable one (obviously this is not recommended for production) |
| [04:13:16] | <sleewok> | ahh, k, i'll give that a try now |
| [04:13:20] | <gboudrias> | So replace "stable" with "unstable" in the instructions, and you get the daily dev release (afaik) |
| [04:13:56] | <sleewok> | excellent. thanks for the quick response! |
| [04:13:59] | <gboudrias> | No problem! |
| [04:19:40] | <sleewok> | fyi, looks like that worked perfectly :) |
| [04:20:20] | <gboudrias> | Awesome! |
| [04:33:23] | <bgm> | weird, so I tried changing /etc/apache2/envvars to 'umask 002', but files still get created as 0600 / www-data.www-data, despite the directory being chmod g+s |
| [04:34:18] | <bgm> | and if I understand correctly, the group permissions seem to define the mask that ACLs apply on top of the defined acls |
| [04:34:48] | <bgm> | i.e. if the file is 0600, and there's an ACL to give a user rwx, the effective acl will still be --- |
| [04:57:39] | * henk__ has quit (Ping timeout: 268 seconds) |
| [05:22:34] | <ergonlogic> | bgm: fwiw, this is a problem I've seen repeatedly w/ Drupal temp files |
| [05:22:51] | <ergonlogic> | they appear to be create with 0600 by default too |
| [05:23:53] | <bgm> | ergonlogic: oh, good to know, thanks. I wasn't sure if civi was doing a chmod somewhere (according to the code, it doesn't) |
| [05:25:14] | <bgm> | I'm really hitting my head on this one. I feel like the only solution would be to run the cron as www-data |
| [05:25:22] | <ergonlogic> | I submitted a patch to core to clean up temp files, which appears to have resolved it on that end, for me, anyway |
| [05:26:14] | <ergonlogic> | yeah, file permissions w/ civi have been a constant problom... |
| [05:26:56] | <ergonlogic> | I'm not sure I see how running cron as www-data would help |
| [05:27:01] | <bgm> | would making an 'exec' from the hosting queue be a problem? |
| [05:27:06] | <bgm> | ergonlogic: the files are owned by www-data |
| [05:27:53] | <ergonlogic> | but it seems like we're going to run into perm issues when verifying/migrating/etc. still anyway, no? |
| [05:29:04] | <bgm> | yeah, but that's a less critical issue :-) |
| [05:29:17] | <bgm> | the pre-migration scripts could run a sudo command to fix the permissions |
| [05:29:40] | <bgm> | whereas when a user wants to do a mailing, and attach a file to their mailing.. then the mailing gets stuck because it can't access the file. |
| [05:29:50] | <ergonlogic> | the 'www-data' user won't have access to the Aegir drush aliases |
| [05:30:38] | <ergonlogic> | so, any drush commands by www-data should presumably be run from the site root |
| [05:31:00] | <bgm> | is it a huge risk to add www-data to the aegir group? |
| [05:31:27] | <ergonlogic> | I believe so |
| [05:31:41] | <bgm> | i tested, and if www-data was not in the aegir group, it still tries to access sites/all/drush/something.php, but presumably that could be fixed (if/else) |
| [05:32:02] | <ergonlogic> | it'd presumably give www-data access to pretty much everything under /var/aegir |
| [05:32:25] | <bgm> | stuff shouldn't be g+rwx unless necessary |
| [05:32:33] | <bgm> | /var/aegir/config/ is not accessible, for example |
| [05:32:53] | <ergonlogic> | which'd include aliases |
| [05:33:02] | <ergonlogic> | no? |
| [05:33:38] | <bgm> | ah right, /var/aegir/.drush/server_localhost.alias.drushrc.php has passwords |
| [05:33:46] | <bgm> | hrm :) |
| [05:34:47] | <bgm> | got to run for meeting, thx for brainstorming :) |
| [05:44:14] | * Yaazkal has joined #aegir |
| [06:48:21] | * eft has joined #aegir |
| [06:50:22] | <eft> | I just create my first platform/site on d8 rc1 but I have a question about provision |
| [06:51:23] | <eft> | the provision drush commands seem to be store under /usr/share/drush/commands/provision-release |
| [06:51:28] | <eft> | is that the appropriate path? |
| [06:58:27] | <sleewok> | Are you trying to do something specific? |
| [06:59:01] | <sleewok> | I just installed provision_civicrm and the directory for that was in /var/aegir/.drush/provision_civicrm |
| [06:59:54] | <gboudrias> | You're talking about different things |
| [07:00:33] | <gboudrias> | eft: The standard path for provision is /usr/share/drush/commands/provision , did you install from dev? |
| [07:00:45] | <eft> | gboudrias: I did |
| [07:00:52] | <gboudrias> | Yeah that's probably right then |
| [07:01:12] | <eft> | but I must have had an older version that is called provision-release |
| [07:01:36] | <eft> | and my system seems to be only using that path |
| [07:01:46] | <eft> | so not sure how it's being controlled |
| [07:02:04] | <eft> | tried drush cc drush with not effect |
| [07:04:02] | * cweagans_afk is now known as cweagans |
| [07:05:30] | <gboudrias> | eft: It must be an environment variable, I don't think the path is hardcoded. Is there an issue? |
| [07:13:26] | <eft> | gboudrias: I fudged around it but renaming the folder |
| [07:14:25] | <gboudrias> | eft: I don't understand what you mean, nor what the problem is |
| [07:14:47] | <cweagans> | ohai #aegir |
| [07:14:49] | <cweagans> | how are things? |
| [07:17:35] | <eft> | gboudrias: the problem was that my system is looking for provision in /usr/share/drush/commands/provision-release not /usr/share/drush/commands/provision |
| [07:17:43] | <eft> | and I'm wondering where that's set |
| [07:19:00] | <eft> | I don't see anything relevant when I use printenv |
| [07:35:38] | * hestenet_ has quit (Read error: Connection reset by peer) |
| [07:35:51] | * hestenet has joined #aegir |
| [07:37:06] | * cweagans is now known as cweagans_afk |
| [07:37:12] | * sleewok has quit (Quit: Page closed) |
| [07:38:28] | * cweagans_afk is now known as cweagans |
| [08:08:04] | * zombiebeard has quit (Quit: zombiebeard) |
| [08:11:27] | * jerryitt has quit (Quit: Connection closed for inactivity) |
| [08:49:31] | * hestenet_ has joined #aegir |
| [08:49:46] | * hestenet has quit (Read error: Connection reset by peer) |
| [08:53:56] | * hestenet_ has quit (Read error: Connection reset by peer) |
| [08:54:17] | * hestenet has joined #aegir |
| [08:55:56] | * thunderWilly has quit (Read error: Connection reset by peer) |
| [09:14:33] | * cweagans is now known as cweagans_afk |
| [09:16:33] | * cweagans_afk is now known as cweagans |
| [09:32:06] | * cweagans is now known as cweagans_afk |
| [09:36:41] | * cweagans_afk is now known as cweagans |
| [09:49:23] | * ivanjaros has quit (Quit: https://drupal.org/user/135190) |
| [09:50:07] | * cweagans is now known as cweagans_afk |
| [09:53:43] | * drakythe is now known as zz_drakythe |
| [10:45:47] | * freiheit has quit (Quit: Leaving.) |
