| 1 |
Quoting Stuart Herbert <stuart@g.o>: |
| 2 |
|
| 3 |
>> One question though. Why do all |
| 4 |
>> ebuilds currently insist on making files owned by the web user (apache)? |
| 5 |
>> Seems very wrong to me as the apache user is able to write to the |
| 6 |
>> applications. It seems just like giving ownership to a regular user |
| 7 |
>> account for other applications. |
| 8 |
> |
| 9 |
> Because most web apps are badly written, and rely on write access to |
| 10 |
> directories on the machine. Sorry - I just can't think of a polite way |
| 11 |
> to put that ;-) |
| 12 |
|
| 13 |
Not all applications. The ones I've been dealing with work perfectly well |
| 14 |
having all the files owned by root. I'm speaking of the entire Horde suite |
| 15 |
(and not just because I'm on the Horde team ;-)), phpMyAdmin, mailman, etc. |
| 16 |
I would really urge to only make the files owned by the web user when |
| 17 |
absolutely necessary. |
| 18 |
|
| 19 |
> As an interesting aside, because we run apache under the apache user |
| 20 |
> (rather than a nobody user), it'll make the business of supporting |
| 21 |
> multiple web servers quite a mess. I mean, if you install tikiwiki, |
| 22 |
> which user should own it?!? |
| 23 |
|
| 24 |
I'd say we have to pick a de-facto web server and install all apps based on |
| 25 |
that. If a user wants a webserver other than apache, it is really easy to |
| 26 |
chown all the files (if that is all that has to be done). And if an |
| 27 |
application doesn't require being owned by the web user, things are even |
| 28 |
easier. The only thing that has to be done is to do a configuration block |
| 29 |
similar to how apache needs it, and that can eventually be worked into that |
| 30 |
eclass I posted earlier -- if that is the way we want to go. |
| 31 |
|
| 32 |
> I read your post about having proposed this before, but with no real |
| 33 |
> response. Tell you what - if no-one else sends through any feedback, I |
| 34 |
> guess no-one would really notice if we went ahead and just did this? ;-) |
| 35 |
|
| 36 |
:-) I'll wait a day or so. If you want to discuss this further, catch me |
| 37 |
on irc (alkern). |
| 38 |
|
| 39 |
--mk |
| 40 |
|
| 41 |
-- |
| 42 |
gentoo-dev@g.o mailing list |
Archives