FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Infrastructure

 
 
LinkBack Thread Tools
 
Old 06-30-2008, 09:34 PM
Mike McGrath
 
Default Advice on deploying wsgi app using jsonfas

On Mon, 30 Jun 2008, Robin Norwood wrote:

> Hi,
>
> So I'm working to get amber packaged and deployable as a wsgi app so I
> can run a demo on publictest10. I've made pretty fair progress getting
> things up and running (on my local system first to make sure it works),
> but I've run into an issue.
>
> For the setup, I'm basically ripping off the way Ricky Zhou set up fas
> wholesale. I have an amber.conf file in /etc/httpd/conf.d, which
> refers to an amber.wsgi file. All of that seems to work fine. The
> problem happens when I try to connect. I get a 500 error with the
> following in httpd's error log:
>
> Unable to write to session file /var/www/.fedora_session: [Errno 13]
> Permission denied: '/var/www/.fedora_session'
>
> Well, it turns out that this is because my app is using jsonfas, which
> uses fedora.client.BaseClient. In fedora/client/__init__.py, I find:
>
> SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session')
>
> Which explains the error - my app is running under apache, and
> while /var/www is apache's homedir, apache can't write to that
> directory.
>
> So, as anyone else worked around this with another turbogears app
> running under wsgi and using jsonfas? Since turbogears and fas are
> both pretty common, it seems likely that someone here has already dealt
> with this.

Does your application prompt users for their username and password or does
it have one listed in the configs somewhere to access fas? I'm not
familiar with the .fedora_session format, does it store everyone's
sessions?

I'm asuming that if someone had access to it they'd be able to become
whoever was logged in at that time. Probably to other applications as
well. I'd like to hear Toshio's advice on this, I believe he's the
primary architect of how .fedora_session should behave

-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 06-30-2008, 09:54 PM
Robin Norwood
 
Default Advice on deploying wsgi app using jsonfas

On Mon, 30 Jun 2008 16:34:27 -0500 (CDT)
Mike McGrath <mmcgrath@redhat.com> wrote:

> On Mon, 30 Jun 2008, Robin Norwood wrote:
>
> > Hi,
> >
> > So I'm working to get amber packaged and deployable as a wsgi app
> > so I can run a demo on publictest10. I've made pretty fair
> > progress getting things up and running (on my local system first to
> > make sure it works), but I've run into an issue.
> >
> > For the setup, I'm basically ripping off the way Ricky Zhou set up
> > fas wholesale. I have an amber.conf file in /etc/httpd/conf.d,
> > which refers to an amber.wsgi file. All of that seems to work
> > fine. The problem happens when I try to connect. I get a 500
> > error with the following in httpd's error log:
> >
> > Unable to write to session file /var/www/.fedora_session: [Errno 13]
> > Permission denied: '/var/www/.fedora_session'
> >
> > Well, it turns out that this is because my app is using jsonfas,
> > which uses fedora.client.BaseClient. In fedora/client/__init__.py,
> > I find:
> >
> > SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session')
> >
> > Which explains the error - my app is running under apache, and
> > while /var/www is apache's homedir, apache can't write to that
> > directory.
> >
> > So, as anyone else worked around this with another turbogears app
> > running under wsgi and using jsonfas? Since turbogears and fas are
> > both pretty common, it seems likely that someone here has already
> > dealt with this.
>
> Does your application prompt users for their username and password or
> does it have one listed in the configs somewhere to access fas? I'm
> not familiar with the .fedora_session format, does it store everyone's
> sessions?

I believe it does. The way it seems to work is that I specify a user
to connect to FAS in the config - this gets me a fas session. Then,
the user enters a username/password from the web form, and jsonfas
'does magic' to authenticate the user.

> I'm asuming that if someone had access to it they'd be able to become
> whoever was logged in at that time. Probably to other applications as
> well. I'd like to hear Toshio's advice on this, I believe he's the
> primary architect of how .fedora_session should behave

Yeah, Toshio is the one who set this up to begin with. I don't know if
he's ever used this sort of setup under wsgi/httpd, though.

-RN

--
Robin Norwood
Red Hat, Inc.

"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 07-01-2008, 05:17 PM
Robin Norwood
 
Default Advice on deploying wsgi app using jsonfas

On Mon, 30 Jun 2008 17:18:04 -0400
Robin Norwood <rnorwood@redhat.com> wrote:

> Unable to write to session file /var/www/.fedora_session: [Errno 13]
> Permission denied: '/var/www/.fedora_session'

Ok, I think I figured this out a bit more. When Toshio gave me code to
do the FAS stuff, he included a class called 'UserCache'. Setting this
up is what was triggering the creation of the evil .fedora_session
file. Just getting rid of the code that sets up the cache seems to be
enough to get me working again, and users can still log in.

I'm not sure what the performance implications are, but I can discuss
with Toshio when he gets back.

-RN

--
Robin Norwood
Red Hat, Inc.

"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 03:10 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org