Using the current version of Aegir (hostmaster-6.x-1.8) with a successfully installed platform of OE (7.x-1.0-beta7). Apps say "available". At first, I received the infamous FTP error. After changing ownership of basically the entire web hierarchy for the site (not for the platform though), the system seems to download and install the modules but now returns with an "Access denied .. You are not authorized to access this page." message on this page: http://[site]/admin/apps/levelten/app/seo/enable. I'm not thrilled changing ownership or permissions (as many of the posts I've read have indicated), but I understand there might be some incompatibility between OE apps and Aegir. Any assistance would be appreciated, because I'd love to use these two products together.

I've also tried to find some instructions for downloading the apps manually using drush, but have been unsuccessful. The drush make examples packaged with OE are incomplete (doesn't list all the names) and I've looked for the app names with no success.

Comments

August1914’s picture

I have the same setup, an Aegir (hostmaster-6.x-1.8) with a successfully installed platform of OE (7.x-1.0-beta7). I just put up OE, and it behaves just as you describe with regards to rights; I'm not sure I'll be helping you, or you me, but I'd be glad to try to sort this out.

It might be useful to review this
http://community.aegirproject.org/handbook/strategy/open-app-standard-draft
which I don't think answers or addresses the immediate question, but at least provides some context.

All of the openenterprise apps are posted as projects, you can see the list at
project/openenterprise
you can get an app to any site with drush, for example
drush dl enterprise_rotator
caveat emptor: I haven't enabled any of these projects in anything other than an openenterprise code base. Probably it all works fine.

Anyway, back to the main issue: the first step is to find and link the best d.o. documentation on the rights question, and then work through the scenarios.

August1914’s picture

This is probably the document-of-record for this topic of server rights management.
http://drupal.org/node/244924

I'm not saying that it answers the question, just that anyone working down this path ought to cover this ground...

dwork’s picture

Thanks for directing me to the list of apps. The apps don't seem to be features, which would make installing them manually much easier, but I was successful installing and enabling a couple of apps manually. drush dl works, just remember to download all the dependencies too.

Most of the aegir hierarchy is owned by aegir.aegir, which means that only the aegir user can modify files or write to the directories. The "files" directory is owned by aegir.www-data with permissions set to 770. That means the apache user can't write files into the sites/all/modules or sites/all/themes directory. I changed the group to www-data and was able to install modules, but it would be better if group or permissions could be changed >> install module >> change back to avoid a permanent security issue, or if an aegir task was initiated to install the module/app.

August1914’s picture

There are several directory locations which need to be writable by "group";
first, temporary directory, as you set at in admin/config/media/file-system. This is where the file will be downloaded to. Second, the sites install directory (sites/default or sites/my.example.com), then finally the target location (sites/all/modules or sites/my.example.com/modules).

http://drupal.org/node/1479164 suggests that checking that the site install dir is writable is incorrect; that the installer should check if the target location is writable, instead of the checking the site install directory (where it isn't going to install anything anyway.)

Maybe I don't understand the big picture, but it seems that the switch to FTP should perhaps happen if there are no rights to the temporary files location, but, in the scenario I'm seeing, we have successfully downloaded the files to sites/my.example.com/temporary, and switch to FTP because sites/my.example.com is not writable by group, so how is FTP going to help me out at this point?

In any case, let's move this issue over to project/apps, and see if we can get through it.

August1914’s picture

For reference, see function apps_install_downloads()
line 190 of apps.installer.inc

dwork’s picture

This issue seems to address a patch for D6, but not D7. http://drupal.org/node/1088472.

August1914’s picture

Consider that you can do the platform setup including apps with drush as root: site-install and the dl the apps (you'll need to enable them in order to get the dependencies installed). Then create the aegir platform; your aegir sites will come into the world with the apps in "disabled" state, rather than "available". From the site owner's perspective, it will be the same: they have a simple way to install (enable) the apps on their site. From the platform administrator's perspective, you keep apache in jail, and not even giving up much in exchange.