I'm a big fan of Chiliproject, an open source fork of Redmine, a popular issue tracker. However, it is written in Ruby on Rails (RoR), which I am not very familiar with. During installation I got a number of file access errors, which led to the question -- what user do Passenger RoR apps actually run under?
In my particular setup, I'm using Ruby Enterprise Edition, which makes life easier, since it cleanly installs in a separate directory. It also provides the configuration required for Passenger (also known informally as mod_rails), which is the Apache module required to run RoR apps as simple virtual hosts.
Things works magically, until I needed to upload a screenshot of a problem. I then noticed that Chili couldn't write files! Naturally, I checked the directory that files should be going to, and saw that apache had full rights to it.
The only thing is, Passenger does not run as the apache user, even if it is spawned by it. It actually uses su to change to the owner of the entry point of the app. Plain English? The user that owns the files of the app. Thus, since all the files were owned by myuser:users, I had to change the permissions for the log , files , etc directories to them as well, instead of assigning apache:apache as the owner.
Another alternative is to change the conf file for Passenger to force it to use the same credentials as apache :
PassengerDefaultUser www-data
Note that www-data is the default Apache user in Debian/Ubuntu, whereas httpd is used in CentOS/RedHat
Hope this will save someone the headache :)
Image from the official phusion passenger page