Setting file permissions during preview/publish

I'm in the early stages of migrating PCC Natural Market's
website to
Bricolage.

I'm working with server side includes (with XBitHack on) and
have run
into the same problem as discussed several times on the
list:

http://marc.info/?l=bricolage-general&m=1
10034065716603&w=2
http://marc.info/?l=bricolage-general&m=1
10555751510383&w=2
http://marc.info/?l=bricolage-general&m=1
13016152623915&w=2
http://marc.info/?l=bricolage-general&m=1
06562494404462&w=2

In short, the file needs to be set to be executable.
However, I can't
seem to find the solution.

In the last post listed above, David suggested:

> Can you set a bitmask on your destination server for
the user that 
> connects to it so that all files in your cgi-bin
directory are 
> automatically +x?

But I'm not sure how to go about doing that.

Any ideas?

Chris

-------------------

Chris Schults
Web Developer
PCC Natural Markets
206-547-1222 x104
chris.schultspccsea.com
http://www.pccnatura
lmarkets.com 

On Jan 18, 2008, at 4:01 AM, bharder wrote:

> On Thu, Jan 17, 2008 at 06:03:09PM -0800, Schults,
Chris wrote:
>> I'm in the early stages of migrating PCC Natural
Market's website to
>> Bricolage.
>>
>> I'm working with server side includes (with
XBitHack on) and have run
>> into the same problem as discussed several times on
the list:
>>
>> http://marc.info/?l=bricolage-general&m=1
10034065716603&w=2
>> http://marc.info/?l=bricolage-general&m=1
10555751510383&w=2
>> http://marc.info/?l=bricolage-general&m=1
13016152623915&w=2
>> http://marc.info/?l=bricolage-general&m=1
06562494404462&w=2
>>
>> In short, the file needs to be set to be
executable. However, I can't
>> seem to find the solution.
>>
>> In the last post listed above, David suggested:
>>
>>> Can you set a bitmask on your destination
server for the user that
>>> connects to it so that all files in your
cgi-bin directory are
>>> automatically +x?
>>
>> But I'm not sure how to go about doing that.
>

There's also this response:

 > why not have apache parse every .html page for ssi? 
since every  
page needs it, it would make no difference.

Which is the configuration I find useful. In one case, .html
is set  
to parse as PHP, and the more common method is to have .html
parse  
as .shtml.


> Are you talking about umask (apropos umask)?



This sounds familiar too.

Are you finding that your .shtml files are not properly
parsing  
includes? What results are you currently getting? Is it just
the  
Bricolage created files that aren't executing?

Phillip.

--
Phillip Smith,
Simplifier of Technology
Community Bandwidth

> Are you talking about umask (apropos umask)?

Yes, I believe so! Thanks, will investigate.

Chris

> Are you finding that your .shtml files are not properly

> parsing includes? What results are you currently
getting? Is 
> it just the Bricolage created files that aren't
executing?

Bricolage is creating the files as 0644. The includes are
not being
processed because XBitHack requires the files to be
executable. As soon
as I change the perms to 0744, the includes work. While
setting the
umask seems to be the right option, I want to be careful as
Bricolage is
creating these files as the user 'nobody'.

> There's also this response:
> 
>  > why not have apache parse every .html page for
ssi?  since 
> every page needs it, it would make no difference.
> 
> Which is the configuration I find useful. In one case,
.html 
> is set to parse as PHP, and the more common method is
to have 
> .html parse as .shtml.

According to the Apache tutorial
(http:
//httpd.apache.org/docs/1.3/howto/ssi.html), XBitHack
seems to be
the preferred option:

<snip>
Not just any file is parsed for SSI directives. You have to
tell Apache
which files should be parsed. There are two ways to do this.
You can
tell Apache to parse any file with a particular file
extension, such as
.shtml, with the following directives:

        AddType text/html .shtml
        AddHandler server-parsed .shtml

One disadvantage to this approach is that if you wanted to
add SSI
directives to an existing page, you would have to change the
name of
that page, and all links to that page, in order to give it a
.shtml
extension, so that those directives would be executed.

The other method is to use the XBitHack directive:

        XBitHack on

XBitHack tells Apache to parse files for SSI directives if
they have the
execute bit set. So, to add SSI directives to an existing
page, rather
than having to change the file name, you would just need to
make the
file executable using chmod.

        chmod +x pagename.html

A brief comment about what not to do. You'll occasionally
see people
recommending that you just tell Apache to parse all .html
files for SSI,
so that you don't have to mess with .shtml file names. These
folks have
perhaps not heard about XBitHack. The thing to keep in mind
is that, by
doing this, you're requiring that Apache read through every
single file
that it sends out to clients, even if they don't contain any
SSI
directives. This can slow things down quite a bit, and is
not a good
idea.
</snip>

Chris

-------------------

Chris Schults
Web Developer
PCC Natural Markets
206-547-1222 x104
chris.schultspccsea.com
http://www.pccnatura
lmarkets.com  

On 18-Jan-08, at 1:27 PM, Schults, Chris wrote:

> Not just any file is parsed for SSI directives. You
have to tell  
> Apache
> which files should be parsed. There are two ways to do
this. You can
> tell Apache to parse any file with a particular file
extension,  
> such as
> .shtml, with the following directives:
>
>         AddType text/html .shtml
>         AddHandler server-parsed .shtml


Why not just add .html to the list of parsed documents?
AFAIK it  
doesn't add much overhead.

Phillip.

--
Phillip Smith,
Simplifier of Technology
Community Bandwidth
http://www.community
bandwidth.ca

On Fri, Jan 18, 2008 at 02:28:41PM -0500, Phillip Smith
wrote:
> 
> On 18-Jan-08, at 1:27 PM, Schults, Chris wrote:
> 
> >Not just any file is parsed for SSI directives. You
have to tell  
> >Apache
> >which files should be parsed. There are two ways to
do this. You can
> >tell Apache to parse any file with a particular
file extension,  
> >such as
> >.shtml, with the following directives:
> >
> >        AddType text/html .shtml
> >        AddHandler server-parsed .shtml
> 
> 
> Why not just add .html to the list of parsed documents?
AFAIK it  
> doesn't add much overhead.

It _will_ get rid of your "Last-Modified" time for
the file, though, which could be detrimental for caching,
either explicitly on your site, or implicitly somewhere
else...

In the absence benchmarks re: overhead, Apache suggests not
doing it, which would seem like a good place to start for
me.

It also strikes me as performing surgery with a chainsaw --
on the other hand, if a chainsaw is the only way you can get
this to work, c'est la vie.

-- 

Brad Harder,
Method Digital Logic
http://www.methodlogic.net

On Jan 18, 2008, at 3:22 PM, bharder wrote:

> On Fri, Jan 18, 2008 at 02:28:41PM -0500, Phillip Smith
wrote:
>>
>> On 18-Jan-08, at 1:27 PM, Schults, Chris wrote:
>>
>>> Not just any file is parsed for SSI directives.
You have to tell
>>> Apache
>>> which files should be parsed. There are two
ways to do this. You can
>>> tell Apache to parse any file with a particular
file extension,
>>> such as
>>> .shtml, with the following directives:
>>>
>>>        AddType text/html .shtml
>>>        AddHandler server-parsed .shtml
>>
>>
>> Why not just add .html to the list of parsed
documents? AFAIK it
>> doesn't add much overhead.
>
> It _will_ get rid of your "Last-Modified"
time for the file,  
> though, which could be detrimental for caching, either
explicitly  
> on your site, or implicitly somewhere else...
>
> In the absence benchmarks re: overhead, Apache suggests
not doing  
> it, which would seem like a good place to start for
me.


Hrmph... I see this in O'Reilly's  "Apache: The
Definitive Guide:"

10.6. XBitHack

"This is an obsolete facility for handling server-side
includes  
automatically if the execute permission is set on a file. It
is  
provided for backward compatibility. If the group execute
bit is set,  
a long expiration time is given to the browser. It is better
to use a  
handler as described above."


--
Phillip Smith,
Simplifier of Technology
Community Bandwidth
http://www.community
bandwidth.ca

> Care to file a feature request ticket?

Request submitted.

Chris