On Wed, Jul 23, 2003 at 10:18:40PM -0400, Aron Griffis wrote:
> Robin H.Johnson wrote: [Wed Jul 23 2003, 04:31:52AM EDT]
> > After the 1.4 release (maybe before, depending on how busy I am with
> > work), there will be a migration of all web applications to install
> > somewhere like /usr/share/webapp/${P} (maybe ${PF})
>
> This doesn't sound right to me since /usr should be mountable read-only.
> Don't many/most web applications need to be able to write to their
> installation area? I personally like the Debian solution of /var/www

I agree totally with keeping /usr read-only during normal system use.
|
Very few applications do write to their directories, and those that do are
in the great majority of cases broken. This is because this requires that their
directories have permissions suitable for the webserver to write to
them.
|
ALL of /usr/share/webapp will be chown root.root, with mode 755 for
directories, and 644 for files.
|
Under my solution the application THINKS it is running in the instance
directory.
|
The key thing is this inside the .htaccess file for each instance:
php_value include_path ".:/usr/share/webapp/${P}"
|
Then they have whatever access to . and read-only to
/usr/share/webapp/${P}.
|
Say a web application requires a config file 'config.php'.
You could then have two instances
/var/www/site1/webapp/
/var/www/site2/webapp/
Where each directory contains only two files, 'config.php' and '.htaccess'.
|
Now even if somebody were to break in and get your PHP to run arbitrary
code, their damage would be limited to those two files (and anything
else the apache user has permissions to, which does NOT include the
actual webapp).
|
If you wanted to seriously customize an instance, all that would be
needed would be to copy the file from /usr/share/webapp/${P} to your
instance directory, and modify the copy in your instance directory.
|
In my entire time as a PHP programmer, I have seen only one instance
where an application really needed access to a local directory to write
files, and that was only because of a shortcoming in the API used, that
could not send data directly but had to build it on disk (PDF creation
stuff).
|
--
Robin Hugh Johnson
E-Mail : robbat2@××××××××××××××.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
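
The layout described in the message above, as an added example that is not part of the original mail or of any Gentoo tooling: a check that a shared tree matches the stated policy (root-owned, directories 755, files 644) and a helper that creates a two-file instance. The function names and the path /usr/share/webapp/example-1.0 (standing in for /usr/share/webapp/${P}) are assumptions.

```shell
#!/bin/sh
# Added example. /usr/share/webapp/example-1.0 stands in for
# /usr/share/webapp/${P}; the function names are hypothetical.

# audit_shared_tree DIR [OWNER]
# Lists every entry that breaks the policy from the mail: owned by root,
# directories mode 755, files mode 644. Returns 0 when clean, 1 otherwise.
# OWNER defaults to root; it is a parameter only so the check can be tried
# on a scratch tree without being root.
audit_shared_tree() {
    tree=$1
    owner=${2:-root}
    bad=$(
        find "$tree" ! -user "$owner"    | sed 's/^/owner: /'
        find "$tree" -type d ! -perm 755 | sed 's/^/dirmode: /'
        find "$tree" -type f ! -perm 644 | sed 's/^/filemode: /'
    )
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# make_instance INSTANCE_DIR SHARED_DIR
# Creates the two-file instance from the mail: a .htaccess that points PHP's
# include_path at the shared tree, and an empty config.php to fill in.
# An existing config.php is left untouched.
make_instance() {
    inst=$1
    shared=$2
    mkdir -p "$inst" || return 1
    printf 'php_value include_path ".:%s"\n' "$shared" > "$inst/.htaccess" || return 1
    [ -e "$inst/config.php" ] || : > "$inst/config.php"
}

# Typical use (as root, after the package is installed):
#   audit_shared_tree /usr/share/webapp/example-1.0 || echo "fix permissions first"
#   make_instance /var/www/site1/webapp /usr/share/webapp/example-1.0
```

php_value lines in .htaccess only take effect when PHP runs as an Apache module and AllowOverride permits Options (or All) for the instance directory.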