[CalendarServer-users] CalendarServer 3.1 on Ubuntu 11.10 Server

Jim J jahosefet at gmail.com
Tue Dec 27 10:21:58 PST 2011 

All,

I'm quite new to this calendarserver thing. I'm trying to set up 3.1 (from
tags/releases in Subversion) on a 64-bit Ubuntu 11.10 server installation.
It's been a disaster. I was able to run calendarserver from the SVN
directory using ./run and then I "installed" it using ./run -i. That's
where things went bad. Some issues I've worked around, but I'd like to get
good solutions for. Currently I'm stuck trying to figure out what's going
on with PostgreSQL. Perhaps you guys can clue me in on how to properly fix
the following issues.

This is how I'm currently executing caldavd. Once it works I'll put it into
init.d and run it as a proper server. The () are because I *was* running
with those flags (see part 1) and have given up on them.

sudo caldavd -X -L -f <path to caldavd.plist file> (-u caldavd -g caldavd)

1. As I understand it, it is good practice to run Linux services that are
exposed to the internet as a restricted user. Given that and existence of
the -u and -g flags for caldavd, I figured those flags would be the right
way to do things. That doesn't work at all.

The first problem is that caldavd wants to write to
/var/run/ccs_postgresql_xxxxx which it can't do because /var belongs to
root and it attempts to do this after the setuid() call to become the
caldavd user. So, I went into caldavd.plist and changed the "DataRoot" to a
different directory and gave it to caldavd:caldavd.

Then I tried again. This time it failed because it appears that
calendarserver attempts to start postgresql whether or not the postgresql
service is already running on the local box. To do this, it tries to
setuid() again,  this time to ROOT! If the entire point of setting a user
for a service is to restrict it's privileges, why would one of those privs
be to allow setuid to root? That makes no sense.

So I gave up, now I'm trying to run it as root to see if the 3.1 release
even functions. How do I make this server run as somebody other than root?

2. Running as root (without the -u and -g flags shown above) gets the
application started and then it fails attempting to start memcached. I get
the error "cannot listen on tcp port". This is because memcachd is a system
service and is *already running*. Again, why is calendarserver attempting
to start a service that's already running?

So I stopped memcachd and tried again.

3. Calendarserver now successfully starts and connects to memcached but it
cannot connect to postgresql. This I haven't yet worked around. I get the
following error:
2011-12-27 12:43:11-0500 [-] [txdav.base.datastore.subpostgres#error]
[Failure instance: Traceback: <class 'pg.InternalError'>: could not connect
to server: No such file or directory
                Is the server running locally and accepting
                connections on Unix domain socket
"/tmp/ccs_postgres_f5e263275ce7de576bd42ca08db4fc56/.s.PGSQL.5432"?


/usr/lib/python2.7/dist-packages/twisted/internet/_baseprocess.py:60:maybeCallProcessEnded

/usr/local/lib/python2.7/dist-packages/txdav/base/datastore/subpostgres.py:92:processEnded

/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:361:callback

/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:455:_startRunCallbacks
        --- <exception caught here> ---

/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:542:_runCallbacks

/usr/local/lib/python2.7/dist-packages/txdav/base/datastore/subpostgres.py:367:gotReady

/usr/local/lib/python2.7/dist-packages/txdav/base/datastore/subpostgres.py:269:ready

/usr/local/lib/python2.7/dist-packages/txdav/base/datastore/subpostgres.py:261:produceConnection

/usr/local/lib/python2.7/dist-packages/txdav/base/datastore/dbapiclient.py:196:connect
        /usr/local/lib/python2.7/dist-packages/pgdb.py:482:connect
        ]

Here I'm stuck. Quite clearly calendarserver is expecting to launch the
postgresql service (which, again, doesn't make sense to me), but then it
can't connect when it does. Well, at least I'm assuming calendarserver
successfully launches postgresql because I don't get the setuid() error I
got in part 1 when it tries to setuid() to root in order to launch
postgresql. I can't figure out how to fix this. Any thoughts?

Thanks for the help,

Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20111227/9ad06459/attachment.html>

More information about the calendarserver-users mailing list