This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
To: "mod_perl" <modperl@apache.org>
From: "Rob Bloodgood" <robb@empire2.com>
Subject: HTML Mason 1.0 setup
Date: Thu, 1 Mar 2001 11:03:58 -0800
I've been using HTML::Mason under mod_perl on my site for awhile, using
0.89, and I like it lots. :-) So when the new 1.0 came out, I went to go
upgrade, and broke EVERYTHING.
Not only that, but, I haven't been able to make sense out of what Mason
wants for its dir heirarchy, anyway:
First, comp_root (apparently) needs to be the same as DocumentRoot, which
seems horribly insecure... if I could find another way to do it, I would,
but for now, knowing the path my components run under makes them viewable
_AS SOURCE_ by anyone who knows the url.
and in the same vein, the *ONLY* way I could get it to run was to put it's
data_dir under DocumentRoot as well. ????????
Why can't I have
/home/httpd/html
/home/httpd/components (instead of /home/httpd/html/components)
/home/httpd/mason (instead of /home/httpd/html/mason)
? Or more correctly, how do I tell Mason to use that kind of strucure?
And what (the docs don't say, the changelog isn't indicative) changed in the
required setup procedure at 1.0? My friend called me wanting to do
HTML::Mason, which I told him was absolutely awesome for development, but he
couldn't get it running at all (he only had access to the 1.0 from CPAN)
(and we only had my working config to start with).
This is the relevant section of my startup.pl:
=============================================
package HTML::Mason;
use strict;
use Apache::Constants qw(:common);
use Date::Format;
local $| = 1;
my $parser = new HTML::Mason::Parser;
my $interp = new HTML::Mason::Interp ( parser => $parser,
comp_root => '/home/httpd/html',
data_dir =>
'/home/httpd/html/mason', );
my $ah = new HTML::Mason::ApacheHandler ( interp => $interp,
output_mode => 'batch',
# output_mode => 'stream',
error_mode => 'html', # fatal
debug_mode => 'all',
debug_perl_binary =>
'/usr/bin/perl',
debug_handler_script =>
'/etc/httpd/lib/perl/startup.pl',
debug_handler_proc =>
'HTML::Mason::handler', );
# {{{ setuid/taint shut UP!
if (0) {
my @test = ( qw/1 2 3/ );
my @files_written = map {/(.*)/; $1} @test # $interp->files_written
;
warn "Trying to deal w/ tainting: >",
Data::Dumper->Dump([ \@files_written ], [ qw/files_written/ ] ) ,
"<\n";
chown( [getpwnam('nobody')]->[2],[getpwnam('nobody')]->[2],
@files_written );
}
# }}}
sub handler {
my ($r) = @_;
$ah->handle_request($r);
}
# {{{ globals
{
package HTML::Mason::Commands;
use vars qw($dbh %session);
# my ($dsn, $user, $pass) = (My::dbi_connect_string(),
My::dbi_pwd_fetch());
# $dsn = 'dbi:Proxy:hostname=devel;port=3333;dsn=' . $dsn;
{
local $^W = 1;
# ( dsn, username, password )
# $interp->set_global(dbh => DBI->connect(My::dbi_connect_string(),
My::dbi_pwd_fetch()));
#$dbh = DBI->connect(My::dbi_connect_string(),
My::dbi_pwd_fetch()) or die DBI->errstr;
#$dbh->{AutoCommit} = 0;
}
}
# }}} globals
=============================================
TIA!!!!
L8r,
Rob
#!/usr/bin/perl -w
use Disclaimer qw/:standard/;
===
To: "Rob Bloodgood" <robb@empire2.com>, "mod_perl"
<modperl@apache.org>
From: Ray Zimmerman <rz10@cornell.edu>
Subject: Re: HTML Mason 1.0 setup
Date: Thu, 1 Mar 2001 14:28:33 -0500
At 11:03 AM -0800 3/1/01, Rob Bloodgood wrote:
>I've been using HTML::Mason under mod_perl on my site for awhile, using
>0.89, and I like it lots. :-) So when the new 1.0 came out, I went to go
>upgrade, and broke EVERYTHING.
>
>Not only that, but, I haven't been able to make sense out of what Mason
>wants for its dir heirarchy, anyway:
>First, comp_root (apparently) needs to be the same as DocumentRoot, which
>seems horribly insecure... if I could find another way to do it, I would,
>but for now, knowing the path my components run under makes them viewable
>_AS SOURCE_ by anyone who knows the url.
Well, the only reason a component should be visible as source is if
Mason isn't working, right? So saying that it's horribly insecure is
the same as saying that it's not working right?
Here's what I use in my httpd.conf to get get Mason to handle all
files with .md extensions (Mason documents). These are the top level
components that return an entire page. The .mc files are other
components which in the comp_root and thus available be called by
other Mason components, but cannot be requested directly via a URL.
This seems secure to me and it's been working just fine from 0.7 or
so up through 1.0.
AddType text/html .md
<FilesMatch ".*\.md$">
SetHandler perl-script
PerlHandler HTML::Mason
Options Indexes FollowSymLinks ExecCGI
</FilesMatch>
<FilesMatch ".*\.mc$">
Order allow,deny
Deny from all
</FilesMatch>
>and in the same vein, the *ONLY* way I could get it to run was to put it's
>data_dir under DocumentRoot as well. ????????
Is it a file permissions problem? If you're running your webserver as
user 'nobody', nobody has to have write access to the data_dir. You
definitely don't want to have your data_dir under your DocumentRoot.
Ray
===
To: "Rob Bloodgood" <robb@empire2.com>, "mod_perl"
<modperl@apache.org>
From: Bill McCabe <dfb2000@mediaone.net>
Subject: Re: HTML Mason 1.0 setup
Date: Thu, 1 Mar 2001 14:31:14 -0500
Hi Rob
I just went through this exact situation this morning. I ended up
(unnecessarily) recompiling apache/mod_perl in the hopes of fixing it. All
that really needed to be done was to add "use HTML::Mason::ApacheHandler;"
to mason's handler.pl. I'm assuming your v0.89 site was working properly.
Anyway, my apache and mod_perl are up to date now at least.
===
To: Ray Zimmerman <rz10@cornell.edu>
From: karlheg@microsharp.com (Karl M. Hegbloom)
Subject: Re: HTML Mason 1.0 setup
Date: 01 Mar 2001 13:02:01 -0800
>>>>> "Ray" == Ray Zimmerman <rz10@cornell.edu> writes:
Ray> At 11:03 AM -0800 3/1/01, Rob Bloodgood wrote:
>> and in the same vein, the *ONLY* way I could get it to run was to put it's
>> data_dir under DocumentRoot as well. ????????
Ray> Is it a file permissions problem? If you're running your webserver as
Ray> user 'nobody', nobody has to have write access to the data_dir. You
Ray> definitely don't want to have your data_dir under your DocumentRoot.
Nobody and nogroup should not have writes anywhere. Your web server
thus should not run as "nobody", but as a special user. On Debian
GNU/Linux systems, the web server runs as "www-data", group
"www-data".
===
To: "'Rob Bloodgood'" <robb@empire2.com>, mod_perl
<modperl@apache.org>
From: Steven Vetzal <steve@dabax.com>
Subject: RE: HTML Mason 1.0 setup
Date: Thu, 1 Mar 2001 19:30:17 -0500
Hi Rob,
> I've been using HTML::Mason under mod_perl on my site for
> awhile, using
> 0.89, and I like it lots. :-) So when the new 1.0 came out,
Me too 8^) I'm a Mason junkie for going on 4 years now I think - since 0.4
8^)
> I went to go
> upgrade, and broke EVERYTHING.
There are some very specific differences. Make sure that you are setting up
the ApacheHandler correctly - you may need to compare the handler included
in the distribution. Most importantly make sure you have
use HTML::Mason::ApacheHandler;
I did not see this in your sample attachment.
> Not only that, but, I haven't been able to make sense out of
> what Mason
> wants for its dir heirarchy, anyway:
> First, comp_root (apparently) needs to be the same as
> DocumentRoot, which
> seems horribly insecure... if I could find another way to do
> it, I would,
This is not correct - I use a drastically different component root than my
document root on all of my installations, specifically for security reasons.
Make sure you un-comment the lines in the handler.pl for:
chown ( scalar(getpwnam "nobody"), scalar(getgrnam "nobody"),
$interp->files_written );
Substitute the "nobody" for the user & group your web server runs under. The
transient files created by Mason will need to be writable by that user, and
the Mason handler will take care of the permissions issues for you.
> Why can't I have
> /home/httpd/html
> /home/httpd/components (instead of /home/httpd/html/components)
> /home/httpd/mason (instead of /home/httpd/html/mason)
I would generally use a directory structure like:
AppName/web/pub/ (document root, public HTML documents and top-level Mason
components)
AppName/web/elements/ (non top-level Mason components)
And then set the component root to AppName/web, allowing you to use absolute
references in your <& &> and $m->comp calls such as
$m->comp("/elements/banner.html"), or <& /elements/footer.html &>
This ensures that banner.html and footer.html are NOT accessible directly
via the web server.
My Mason Interpreter object is usually set up like:
my $interp = new HTML::Mason::Interp (parser=>$parser,
allow_recursive_autohandlers=>undef,
comp_root=>'/home/www/AppName/web',
data_dir=>'/var/masondata');
Then my VirtualHost directive sets:
DocumentRoot /home/www/AppName/pub
Check out that use directive I noted at the top - it might be your sticking
point.
===