Simpler Bugzilla

Max Kanat-Alexander mkanat at bugzilla.org
Tue Aug 12 19:11:57 UTC 2008


On Tue, 12 Aug 2008 13:55:50 +0200 "Andrés G. Aragoneses"
<knocte at NO-SPAM-PLEASE-gmail.com> wrote:
> - wrt the permission problems about the user running the web browser, 
> would it be feasible to prompt a password dialog to the user
> requesting him root access, and then the webapp sudoing the call to a
> script? 

	I think that might be forbidden (or not do-able) by Apache or
Perl, particularly in the sort of situations where a user would have to
use a web script (suexec on shared hosting).

> Of course, this wouldn't suppose a security problem if
> restricted to a local (not-remote) user (web page visitor).

	If you're a local user, you can use checksetup. The web script
is useful mostly for remote users.

> Anyway, if it can't be done in the near future, do we already (or do
> you think it's interesting) to at least present an informational
> message in bugzilla's main page requesting the user to run
> checksetup/localconfig at an initial installation?

	We could possibly do something like that. Of course, it's
checksetup.pl that sets the permissions so that Apache can read and run
index.cgi, so it probably wouldn't be very useful. We could add an
index.html that checksetup deletes, maybe.

	-Max
-- 
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.



More information about the developers mailing list