effective user for OSX server email handler script??
Zoom
Mac Elite
Join Date: Feb 2000
Location: RTP, NC
Dec 17, 2014, 04:46 PM
 
I'm trying to set up a web app on a Mac running Mavericks and with Server installed. I installed Server to get the email server, and I was hoping to get some nice UI tools for handling apache and my web app. I've been nothing but frustrated... it's so different from "normal" Linux... all these custom folders and paths, and even a totally different httpd.conf file with Server.... ugh.

But I'm 95% there and I just need one more thing. I have a Perl/CGI app that accepts a zip file and does some parsing on it. There are 3 ways to get that zip file to the server: email, http and manual (CGI) upload. All three ways have a frontend script for the particular upload method, and then end up invoking the same python script to do the actual work. For the sake of discussion, let's call them:

handle_http.php
handle_email.py
handle_manual.cgi
do_work.py (common script)

I'm having permissions problems when I test this. I'm re-uploading the same zip file over and over, just because it's easiest for testing - so this will need to be able to clobber the existing files from the previous test. The file names are usually unique, so this isn't a problem in the normal use case - but for my testing, and on some rare occasions, we will need to be able to re-parse the same file and clobber the old results.

The files uploaded by the php upload script and CGI upload script both have user "_www" and group "wheel". The do_work.py script output has the same ownership, but different permissions for some reason:

-rw-r--r-- 1 _www wheel file.zip
-rwxrwxr-x 1 _www wheel out_file

When I try to upload the same zip file using the email handler, though, I get permission errors - I can't clobber the existing files. If I remove these files first, it's fine (because there's nothing to clobber). And in this case the permissions are:

-rw------- 1 someuser wheel file.zip
-rw------- 1 someuser wheel out_file

I set up the email handler by adding this to the /etc/aliases file:

email_id: "| /path/to/handle_email.py"

So my question is... how is the effective user ID chosen when the email handler is invoked? When that email_script.py is run, how did it pick "someuser" as the user? How is the umask chosen?

Somehow I need to set it up so that all three of these upload methods are able to clobber results from the others. It won't happen very often, but I'd still like it to work.

Thoughts?
Late 2012 27" iMac 3.4GHz Intel Core i7, 24GB RAM, 3TB Fusion drive
     
Zoom  (op)
Dec 17, 2014, 05:10 PM
 
Oh... and when the files are generated by the email handler method, I can't view them via the web app interface. Once the zip file is processed, the output files are made available via a web interface for all to see. Apparently "someuser" files are readable by _www... not surprising given the 600 permissions, I suppose.

So the way I see it, I have two options here:

1) Change the umask for "someuser" to make the files have rw-rw-rw- permissions
2) Change the effective user of the email script to be "_www".

The latter would be more robust.
     
Zoom  (op)
Dec 17, 2014, 05:43 PM
 
Well, I figured out how to do option #2. So I'll just put it here for others. I think this has resolved my problem.

The user that gets chosen is based on the value of "default_privs" in the /Library/Server/Mail/Config/postfix/main.cf file. I was able to change this value using "sudo" and the changes took effect immediately (i.e., the next time I invoked the email handler, the resulting files all were owned by the new user id). I set this user to be "_www". I had forgotten that I had actually set this to be "someuser" a long time ago. I found it by digging through my notes.

If you want more info, you can find it here:
Mavericks Server Admin: Mail service architecture
Postfix Configuration Parameters
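
Added example, not part of the original thread and not the poster's code: a Python helper that the common do_work.py step could use so that output files can be clobbered and read no matter which frontend user and umask produced the previous copy. The names run_context, write_shared and SHARED_MODE are hypothetical, and the 0664 mode is an assumption about what the web app needs.

```python
import os
import pwd
import tempfile

SHARED_MODE = 0o664  # assumption: owner and group may write, everyone may read


def run_context():
    """Return (effective user name, umask) for the current process."""
    mask = os.umask(0)   # the umask can only be read by setting it
    os.umask(mask)       # put the original value back
    try:
        user = pwd.getpwuid(os.geteuid()).pw_name
    except KeyError:
        user = str(os.geteuid())
    return user, mask


def write_shared(path, data, mode=SHARED_MODE):
    """Replace path with data regardless of who owns the existing file.

    The data goes to a temporary file in the same directory, which is then
    renamed over the target. rename() needs write permission on the
    directory, not on the old file, so a 0600 file left by another
    frontend does not block the update.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".upload-")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        os.chmod(tmp, mode)      # explicit mode, independent of the umask
        os.replace(tmp, path)    # atomic within one filesystem
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return os.stat(path).st_mode & 0o777


if __name__ == "__main__":
    print("running as %s with umask %03o" % run_context())
    with tempfile.TemporaryDirectory() as demo:   # constructed demo directory
        target = os.path.join(demo, "out_file")
        os.umask(0o077)   # constructed: restrictive umask matching the 0600 files above
        print(oct(write_shared(target, b"first")))
        print(oct(write_shared(target, b"second")))
```

This only works if the output directory is writable by every user that runs a frontend and does not have the sticky bit set, since a sticky directory refuses renames over files owned by someone else.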