Configuration:
Main Hostmaster on Debian (web user: www-data, ID 33)
Remote server on CentOS (web user: apache, ID 48)
First, when I create a remote server configuration for the CentOS server in the hostmaster interface, it put the wrong 'web_group' settings in the alias file. (It put www-data, instead of apache).
Second, when you migrate a site from the Debian host to the Centos server, it does not set its permission correctly. It should be apache, and its currently set to aegir.
From my reading of the code (which can be wrong), Provision seems to try to change the group ownership on the main server before transferring the files (which will fail, since the group apache does not exist on the main server)
Comments
Comment #1
greenscientist CreditAttribution: greenscientist commentedI have found a work around.
if I set the main group of the aegir user to the apache group, instead of the aegir group, the file will be created as with owner of aegir:apache and that works.
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedWe currently don't support differing web groups between servers.
I'm not sure this i'll change, but it's a constraint at the moment and not entirely a bug.
Comment #3
anarcat CreditAttribution: anarcat commentedI would say this *is* a bug: we have (or used to have?) a "web_group" field per server, even in the frontend... Why isn't that used?
Comment #4
greenscientist CreditAttribution: greenscientist commentedIn fact, the web_group information is used, but not at the right moment.
As I explained in the bug report, it try to set the ownership on the local server. It should do it on the remote server, after doing the rsync
Comment #5
EugenMayer CreditAttribution: EugenMayer commentedActually setting the permissions on the master ( local ) is not robust. The uid / gid does not need to match the UID / GID on the remote server. As the chown / chmod commands are part of the php libs (so that does not add extra debs to the remote server), i would suggest doing it directly on the remote.
We could also get the uid / gid of the remote server, but thats just more effort.
Comment #6
ergonlogictagging
Comment #7
helmo CreditAttribution: helmo commentedIn a new duplicate of this(#2408245: Support remote servers of a different OS than server_master) Jon Pugh mentions:
Another thing I just thought of is using the --groupmap option from rsync...
Comment #8
Jon PughTo repost from that issue...
I was trying to connect a CentOS server as a remote to a devshop server running ubuntu.
I was having more problems than expected, then realized web_group is set to www-data, not centos's "apache" user.
I tracked it down to Line 42 of provision/http/Provision/Service/http/public.php:
It appears that servers are forced to use the web_group of server master.
Not sure yet how we might fix this, but it's something I see as a requirement: being able to support any server in a single aegir instance.
_provision_default_web_group()
needs to be run on the server to get the right web group.Comment #9
Jon PughComment #10
Jon PughSetting the parent issue for this bug as #2408245, since having that feature resolves this bug.