Re: How to remove settings from a systemd unit file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2024-06-05 00:06, users-request@xxxxxxxxxxxxxxxxxxxxxxx wrote:

From: Jeffrey Walton<noloader@xxxxxxxxx>



On Tue, Jun 4, 2024 at 7:24 PM Sam Varshavchik<mrsam@xxxxxxxxxxxxxxx>  wrote:

So I was tearing my hair out trying to figure out why attempts to push via
DAV to a git repo were failing.

....

However this apparently did not work. I threw in the towel and just edited
/lib/systemd/system/httpd.service and commented this setting out, entirely,
to finally fix this issue, and happy git pushing resumed.

But how do I fix this so that the next apache update doesn't clobber this?

I think a better choice is to leave the systemd unit files alone. Then
you don't have to worry about your changes getting reverted on updates
and system upgrades.

I also think it is better to avoid serving files from your home
directory. Instead, use /var. Install your Git-managed project in
/var/git (and your Subversion projects in /var/svn). Add a git user,
and make ownership of /var/git as root:git. Finally, change the
server's document root to/var/git/<project>.

This setup works well for me. The only problem I have encountered is
Git's fix for CVE-2022-24765 a/k/a safe directories. Safe directories
caused a big DoS at my site. Also see
<https://github.com/git/git/commit/8959555cee7e>.

Jeff
I agree with your first point about not *serving* files from /home. I disagree with your 'fix' in using /var.
Notwithstanding the anaconda installer's indications and instructions NOT TO, the installer always seems to WIPE the /var partition. Accordingly, you should use a symlink from /var/git (or in my case(s) /var/lib/mysql and /var/www/html) to somewhere else which will remain stable across a re-install. In my case I point these instances to an actual "physical" partition which is /misc, which allows me to easily back-up all the active 'stuff'. (It's really meta to describe a 'partition' on an SSD as 'physical'... but there we are.) Yes, it's a little more work on an actual re-install but I have some 'run-once' script lines in /etc/rc.d/rc.local which handles all of the stuff I would not remember how to do, much less remember to do... 

And Jeff, you should remember that it is spelt:

Geoff

--
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux