This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
To: "mod_perl" <modperl@apache.org> From: "Rob Bloodgood" <robb@empire2.com> Subject: HTML Mason 1.0 setup Date: Thu, 1 Mar 2001 11:03:58 -0800 I've been using HTML::Mason under mod_perl on my site for awhile, using 0.89, and I like it lots. :-) So when the new 1.0 came out, I went to go upgrade, and broke EVERYTHING. Not only that, but, I haven't been able to make sense out of what Mason wants for its dir heirarchy, anyway: First, comp_root (apparently) needs to be the same as DocumentRoot, which seems horribly insecure... if I could find another way to do it, I would, but for now, knowing the path my components run under makes them viewable _AS SOURCE_ by anyone who knows the url. and in the same vein, the *ONLY* way I could get it to run was to put it's data_dir under DocumentRoot as well. ???????? Why can't I have /home/httpd/html /home/httpd/components (instead of /home/httpd/html/components) /home/httpd/mason (instead of /home/httpd/html/mason) ? Or more correctly, how do I tell Mason to use that kind of strucure? And what (the docs don't say, the changelog isn't indicative) changed in the required setup procedure at 1.0? My friend called me wanting to do HTML::Mason, which I told him was absolutely awesome for development, but he couldn't get it running at all (he only had access to the 1.0 from CPAN) (and we only had my working config to start with). This is the relevant section of my startup.pl: ============================================= package HTML::Mason; use strict; use Apache::Constants qw(:common); use Date::Format; local $| = 1; my $parser = new HTML::Mason::Parser; my $interp = new HTML::Mason::Interp ( parser => $parser, comp_root => '/home/httpd/html', data_dir => '/home/httpd/html/mason', ); my $ah = new HTML::Mason::ApacheHandler ( interp => $interp, output_mode => 'batch', # output_mode => 'stream', error_mode => 'html', # fatal debug_mode => 'all', debug_perl_binary => '/usr/bin/perl', debug_handler_script => '/etc/httpd/lib/perl/startup.pl', debug_handler_proc => 'HTML::Mason::handler', ); # {{{ setuid/taint shut UP! if (0) { my @test = ( qw/1 2 3/ ); my @files_written = map {/(.*)/; $1} @test # $interp->files_written ; warn "Trying to deal w/ tainting: >", Data::Dumper->Dump([ \@files_written ], [ qw/files_written/ ] ) , "<\n"; chown( [getpwnam('nobody')]->[2],[getpwnam('nobody')]->[2], @files_written ); } # }}} sub handler { my ($r) = @_; $ah->handle_request($r); } # {{{ globals { package HTML::Mason::Commands; use vars qw($dbh %session); # my ($dsn, $user, $pass) = (My::dbi_connect_string(), My::dbi_pwd_fetch()); # $dsn = 'dbi:Proxy:hostname=devel;port=3333;dsn=' . $dsn; { local $^W = 1; # ( dsn, username, password ) # $interp->set_global(dbh => DBI->connect(My::dbi_connect_string(), My::dbi_pwd_fetch())); #$dbh = DBI->connect(My::dbi_connect_string(), My::dbi_pwd_fetch()) or die DBI->errstr; #$dbh->{AutoCommit} = 0; } } # }}} globals ============================================= TIA!!!! L8r, Rob #!/usr/bin/perl -w use Disclaimer qw/:standard/; === To: "Rob Bloodgood" <robb@empire2.com>, "mod_perl" <modperl@apache.org> From: Ray Zimmerman <rz10@cornell.edu> Subject: Re: HTML Mason 1.0 setup Date: Thu, 1 Mar 2001 14:28:33 -0500 At 11:03 AM -0800 3/1/01, Rob Bloodgood wrote: >I've been using HTML::Mason under mod_perl on my site for awhile, using >0.89, and I like it lots. :-) So when the new 1.0 came out, I went to go >upgrade, and broke EVERYTHING. > >Not only that, but, I haven't been able to make sense out of what Mason >wants for its dir heirarchy, anyway: >First, comp_root (apparently) needs to be the same as DocumentRoot, which >seems horribly insecure... if I could find another way to do it, I would, >but for now, knowing the path my components run under makes them viewable >_AS SOURCE_ by anyone who knows the url. Well, the only reason a component should be visible as source is if Mason isn't working, right? So saying that it's horribly insecure is the same as saying that it's not working right? Here's what I use in my httpd.conf to get get Mason to handle all files with .md extensions (Mason documents). These are the top level components that return an entire page. The .mc files are other components which in the comp_root and thus available be called by other Mason components, but cannot be requested directly via a URL. This seems secure to me and it's been working just fine from 0.7 or so up through 1.0. AddType text/html .md <FilesMatch ".*\.md$"> SetHandler perl-script PerlHandler HTML::Mason Options Indexes FollowSymLinks ExecCGI </FilesMatch> <FilesMatch ".*\.mc$"> Order allow,deny Deny from all </FilesMatch> >and in the same vein, the *ONLY* way I could get it to run was to put it's >data_dir under DocumentRoot as well. ???????? Is it a file permissions problem? If you're running your webserver as user 'nobody', nobody has to have write access to the data_dir. You definitely don't want to have your data_dir under your DocumentRoot. Ray === To: "Rob Bloodgood" <robb@empire2.com>, "mod_perl" <modperl@apache.org> From: Bill McCabe <dfb2000@mediaone.net> Subject: Re: HTML Mason 1.0 setup Date: Thu, 1 Mar 2001 14:31:14 -0500 Hi Rob I just went through this exact situation this morning. I ended up (unnecessarily) recompiling apache/mod_perl in the hopes of fixing it. All that really needed to be done was to add "use HTML::Mason::ApacheHandler;" to mason's handler.pl. I'm assuming your v0.89 site was working properly. Anyway, my apache and mod_perl are up to date now at least. === To: Ray Zimmerman <rz10@cornell.edu> From: karlheg@microsharp.com (Karl M. Hegbloom) Subject: Re: HTML Mason 1.0 setup Date: 01 Mar 2001 13:02:01 -0800 >>>>> "Ray" == Ray Zimmerman <rz10@cornell.edu> writes: Ray> At 11:03 AM -0800 3/1/01, Rob Bloodgood wrote: >> and in the same vein, the *ONLY* way I could get it to run was to put it's >> data_dir under DocumentRoot as well. ???????? Ray> Is it a file permissions problem? If you're running your webserver as Ray> user 'nobody', nobody has to have write access to the data_dir. You Ray> definitely don't want to have your data_dir under your DocumentRoot. Nobody and nogroup should not have writes anywhere. Your web server thus should not run as "nobody", but as a special user. On Debian GNU/Linux systems, the web server runs as "www-data", group "www-data". === To: "'Rob Bloodgood'" <robb@empire2.com>, mod_perl <modperl@apache.org> From: Steven Vetzal <steve@dabax.com> Subject: RE: HTML Mason 1.0 setup Date: Thu, 1 Mar 2001 19:30:17 -0500 Hi Rob, > I've been using HTML::Mason under mod_perl on my site for > awhile, using > 0.89, and I like it lots. :-) So when the new 1.0 came out, Me too 8^) I'm a Mason junkie for going on 4 years now I think - since 0.4 8^) > I went to go > upgrade, and broke EVERYTHING. There are some very specific differences. Make sure that you are setting up the ApacheHandler correctly - you may need to compare the handler included in the distribution. Most importantly make sure you have use HTML::Mason::ApacheHandler; I did not see this in your sample attachment. > Not only that, but, I haven't been able to make sense out of > what Mason > wants for its dir heirarchy, anyway: > First, comp_root (apparently) needs to be the same as > DocumentRoot, which > seems horribly insecure... if I could find another way to do > it, I would, This is not correct - I use a drastically different component root than my document root on all of my installations, specifically for security reasons. Make sure you un-comment the lines in the handler.pl for: chown ( scalar(getpwnam "nobody"), scalar(getgrnam "nobody"), $interp->files_written ); Substitute the "nobody" for the user & group your web server runs under. The transient files created by Mason will need to be writable by that user, and the Mason handler will take care of the permissions issues for you. > Why can't I have > /home/httpd/html > /home/httpd/components (instead of /home/httpd/html/components) > /home/httpd/mason (instead of /home/httpd/html/mason) I would generally use a directory structure like: AppName/web/pub/ (document root, public HTML documents and top-level Mason components) AppName/web/elements/ (non top-level Mason components) And then set the component root to AppName/web, allowing you to use absolute references in your <& &> and $m->comp calls such as $m->comp("/elements/banner.html"), or <& /elements/footer.html &> This ensures that banner.html and footer.html are NOT accessible directly via the web server. My Mason Interpreter object is usually set up like: my $interp = new HTML::Mason::Interp (parser=>$parser, allow_recursive_autohandlers=>undef, comp_root=>'/home/www/AppName/web', data_dir=>'/var/masondata'); Then my VirtualHost directive sets: DocumentRoot /home/www/AppName/pub Check out that use directive I noted at the top - it might be your sticking point. ===