| 114 | |
| 115 | == Multiple Projects, suExec, and RHEL 4 == |
| 116 | '''Added by mjs at clemson.edu''' |
| 117 | |
| 118 | Here's what I learned trying to follow the above instructions on a vanilla RHEL4 installation. I'll attempt to clarify some points that I found confusing and some important RHEL-specific issues. |
| 119 | |
| 120 | My layout is as follows: |
| 121 | |
| 122 | * Project Trac installations are in /home/tracker/Trac/Projects/project-a /home/tracker/Trac/Projects/project-b, etc. |
| 123 | * The Trac site is a separate vhost from our other Web pages. |
| 124 | * The Trac site lives in /home/tracker/Trac/htdocs/. |
| 125 | * /home/tracker/Trac/cgi-bin is a symlink to /var/www/cgi-bin/tracker/ (see below). |
| 126 | * URLs are !http://trac.example.com/projects/project-a, etc. |
| 127 | |
| 128 | Red Hat compiles suExec so that it only executes CGI scripts that live below /var/www. You cannot symlink individual scripts, but you can symlink a directory. This means that we can't drop CGI scripts under doc root. The scripts will have to live in the cgi-bin subdirectory. Scripts must also not be group-writable. |
| 129 | |
| 130 | The Trac vhost is defined as follows: |
| 131 | {{{ |
| 132 | <VirtualHost *:80> |
| 133 | ServerAdmin webmaster@example.com |
| 134 | DocumentRoot /home/tracker/Trac/htdocs |
| 135 | ServerName trac.example.com |
| 136 | |
| 137 | RewriteEngine on |
| 138 | RewriteRule ^/projects/+$ /projects/index.html [L] |
| 139 | RewriteCond /home/tracker/Trac/Projects/$1 -d |
| 140 | RewriteRule ^/projects/([^/]+)(/?.*) /cgi-bin/tracwrap.cgi$2 [S=1,PT] |
| 141 | RewriteRule ^/projects/(.*) /projects/index.html |
| 142 | |
| 143 | ScriptAlias /cgi-bin/ "/home/tracker/Trac/cgi-bin/" |
| 144 | SuexecUserGroup coin coin |
| 145 | ErrorLog /var/log/trac/error_log |
| 146 | CustomLog /var/log/trac/access_log combined |
| 147 | Alias /icons /home/tracker/Trac/htdocs/icons |
| 148 | </VirtualHost> |
| 149 | }}} |
| 150 | Notes: |
| 151 | * The !ScriptAlias line enables CGI script invocation in the named subdirectory. This subdirectory must be a symlink to a directory under /var/www/cgi-bin/. |
| 152 | * The second !RewriteRule finds the project name and appends anything following it to the rewritten URL. Normally, the result of a !RewriteRule is appended to the path to doc root. The PT ("Pass Through") flag prevents this, so /cgi-bin/tracwrap.cgi is invoked as a script. |
| 153 | * The E flag in torgny's example is superfluous, as suExec strips it from the environment anyway. |
| 154 | |
| 155 | As above, the tracwrap.cgi script sets environment variables for trac.cgi depending on the project name: |
| 156 | {{{ |
| 157 | |
| 158 | #!/bin/bash |
| 159 | proj=${SCRIPT_URL#/projects/} |
| 160 | project=${proj%${PATH_INFO}} |
| 161 | export TRAC_ENV="/home/tracker/Trac/Projects/${project}" |
| 162 | export SCRIPT_NAME="/projects/${project}" |
| 163 | exec ./trac.cgi |
| 164 | }}} |
| 165 | I found that the variables you need to manipulate are quite different than in torgny's example. SCRIPT_URL contains the entire local URL, e.g., "/projects/project-a/login" and PATH_INFO already contains anything after the project name. So to get the project name, you need to strip "/project/" off the front of ${SCRIPT_URL} and "${PATH_INFO}" off the end. On entry, SCRIPT_NAME contains "tracwrap.cgi", not anything related to the project name. |
| 166 | |
| 167 | |
| 168 | ---- |