| | 114 | |
| | 115 | == Multiple Projects, suExec, and RHEL 4 == |
| | 116 | '''Added by mjs at clemson.edu''' |
| | 117 | |
| | 118 | Here's what I learned trying to follow the above instructions on a vanilla RHEL4 installation. I'll attempt to clarify some points that I found confusing and some important RHEL-specific issues. |
| | 119 | |
| | 120 | My layout is as follows: |
| | 121 | |
| | 122 | * Project Trac installations are in /home/tracker/Trac/Projects/project-a /home/tracker/Trac/Projects/project-b, etc. |
| | 123 | * The Trac site is a separate vhost from our other Web pages. |
| | 124 | * The Trac site lives in /home/tracker/Trac/htdocs/. |
| | 125 | * /home/tracker/Trac/cgi-bin is a symlink to /var/www/cgi-bin/tracker/ (see below). |
| | 126 | * URLs are !http://trac.example.com/projects/project-a, etc. |
| | 127 | |
| | 128 | Red Hat compiles suExec so that it only executes CGI scripts that live below /var/www. You cannot symlink individual scripts, but you can symlink a directory. This means that we can't drop CGI scripts under doc root. The scripts will have to live in the cgi-bin subdirectory. Scripts must also not be group-writable. |
| | 129 | |
| | 130 | The Trac vhost is defined as follows: |
| | 131 | {{{ |
| | 132 | <VirtualHost *:80> |
| | 133 | ServerAdmin webmaster@example.com |
| | 134 | DocumentRoot /home/tracker/Trac/htdocs |
| | 135 | ServerName trac.example.com |
| | 136 | |
| | 137 | RewriteEngine on |
| | 138 | RewriteRule ^/projects/+$ /projects/index.html [L] |
| | 139 | RewriteCond /home/tracker/Trac/Projects/$1 -d |
| | 140 | RewriteRule ^/projects/([^/]+)(/?.*) /cgi-bin/tracwrap.cgi$2 [S=1,PT] |
| | 141 | RewriteRule ^/projects/(.*) /projects/index.html |
| | 142 | |
| | 143 | ScriptAlias /cgi-bin/ "/home/tracker/Trac/cgi-bin/" |
| | 144 | SuexecUserGroup coin coin |
| | 145 | ErrorLog /var/log/trac/error_log |
| | 146 | CustomLog /var/log/trac/access_log combined |
| | 147 | Alias /icons /home/tracker/Trac/htdocs/icons |
| | 148 | </VirtualHost> |
| | 149 | }}} |
| | 150 | Notes: |
| | 151 | * The !ScriptAlias line enables CGI script invocation in the named subdirectory. This subdirectory must be a symlink to a directory under /var/www/cgi-bin/. |
| | 152 | * The second !RewriteRule finds the project name and appends anything following it to the rewritten URL. Normally, the result of a !RewriteRule is appended to the path to doc root. The PT ("Pass Through") flag prevents this, so /cgi-bin/tracwrap.cgi is invoked as a script. |
| | 153 | * The E flag in torgny's example is superfluous, as suExec strips it from the environment anyway. |
| | 154 | |
| | 155 | As above, the tracwrap.cgi script sets environment variables for trac.cgi depending on the project name: |
| | 156 | {{{ |
| | 157 | |
| | 158 | #!/bin/bash |
| | 159 | proj=${SCRIPT_URL#/projects/} |
| | 160 | project=${proj%${PATH_INFO}} |
| | 161 | export TRAC_ENV="/home/tracker/Trac/Projects/${project}" |
| | 162 | export SCRIPT_NAME="/projects/${project}" |
| | 163 | exec ./trac.cgi |
| | 164 | }}} |
| | 165 | I found that the variables you need to manipulate are quite different than in torgny's example. SCRIPT_URL contains the entire local URL, e.g., "/projects/project-a/login" and PATH_INFO already contains anything after the project name. So to get the project name, you need to strip "/project/" off the front of ${SCRIPT_URL} and "${PATH_INFO}" off the end. On entry, SCRIPT_NAME contains "tracwrap.cgi", not anything related to the project name. |
| | 166 | |
| | 167 | |
| | 168 | ---- |
