CGI backend still needs suid

diff --git a/manifests/init.pp b/manifests/init.pp
index 864f6aa92ce9eab712b5662a77b1f32611477a9a..b2c25b2d224bbf278fc4b8619b6ad0f0c0947418 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,6 +1,7 @@
 class ikiwiki(
   $sites_folder       = '/var/sites',
-  $git_implementation = 'gitolite'
+  $git_implementation = 'gitolite',
+  $www_user           = 'www-data'
 ) {
   package { [ "ikiwiki", "po4a" ]:
     ensure => installed,

diff --git a/manifests/instance.pp b/manifests/instance.pp
index 8aeb291062667936263c7e47cf670098297a6cd4..ac8618a1fcc75e6d9d4c22282a64581bfbeead6e 100644 (file)
--- a/manifests/instance.pp
+++ b/manifests/instance.pp
@@ -84,8 +84,8 @@ define ikiwiki::instance($base_url = $domain, $ensure = 'present', $description
       file { "${ikiwiki::sites_folder}/${name}/${instance}/ikiwiki.cgi":
         ensure  => present,
         owner   => $owner,
-        group   => $group,
-        mode    => 0550,
+        group   => $ikiwiki::www_user,
+        mode    => 6550,
         require => File["/etc/ikiwiki/$name.setup"],
       }
     }

diff --git a/templates/ikiwiki.setup.erb b/templates/ikiwiki.setup.erb
index 12c9d1ab00bf0a4cc34d77b28f6ce9dfb1e6a487..f66186663e5aa2e8ad6513752d92d315d0415317 100644 (file)
--- a/templates/ikiwiki.setup.erb
+++ b/templates/ikiwiki.setup.erb
@@ -64,8 +64,8 @@ use IkiWiki::Setup::Standard {
                        # The cgi wrapper.
                        cgi => 1,
                        wrapper => "<%= scope.lookupvar('ikiwiki::sites_folder') %>/<%= name %>/ikiwiki/ikiwiki.cgi",
-                       wrappermode => "00550",
-      wrappergroup => "<%= group %>",
+                       wrappermode => "06550",
+      wrappergroup => "<%= scope.lookupvar('ikiwiki::www_user') %>",
                },
                #{
                #       # The svn post-commit wrapper.