Quoting Stuart Herbert <stuart@g.o>:

>> One question though. Why do all
>> ebuilds currently insist on making files owned by the web user (apache)?
>> Seems very wrong to me as the apache user is able to write to the
>> applications. It seems just like giving ownership to a regular user
>> account for other applications.
>
> Because most web apps are badly written, and rely on write access to
> directories on the machine. Sorry - I just can't think of a polite way
> to put that ;-)
|
Not all applications. The ones I've been dealing with work perfectly well
having all the files owned by root. I'm speaking of the entire Horde suite
(and not just because I'm on the Horde team ;-)), phpMyAdmin, mailman, etc.
I would really urge to only make the files owned by the web user when
absolutely necessary.
|
> As an interesting aside, because we run apache under the apache user
> (rather than a nobody user), it'll make the business of supporting
> multiple web servers quite a mess. I mean, if you install tikiwiki,
> which user should own it?!?
|
I'd say we have to pick a de-facto web server and install all apps based on
that. If a user wants a webserver other than apache, it is really easy to
chown all the files (if that is all that has to be done). And if an
application doesn't require being owned by the web user, things are even
easier. The only thing that has to be done is to do a configuration block
similar to how apache needs it, and that can eventually be worked into that
eclass I posted earlier -- if that is the way we want to go.
|
> I read your post about having proposed this before, but with no real
> response. Tell you what - if no-one else sends through any feedback, I
> guess no-one would really notice if we went ahead and just did this? ;-)
|
:-) I'll wait a day or so. If you want to discuss this further, catch me
on irc (alkern).
|
--mk
|
--
gentoo-dev@g.o mailing list