| 1 |
On Friday 29 October 2004 10:55, Paul de Vrieze wrote: |
| 2 |
> Let's say how I would do this if I were an administrator for such a server. |
| 3 |
> Well I'd take the easy road of doing the following: |
| 4 |
> - Make a webpage that users/customers can select the desired webapps for |
| 5 |
> their virtual host, including the version. With a big-fat warning that |
| 6 |
> autoupdating by the app itself doesn't work. |
| 7 |
> - Have that webpage append to a pending-transformation list. |
| 8 |
> - Have a root cronjob that parses (strictly) the pending-transformation |
| 9 |
> list and runs webapp-config for eacht of those transformations. Then the |
| 10 |
> pending list is flushed. |
| 11 |
> |
| 12 |
> As the administrator I now only need to select the offered apps, the rest |
| 13 |
> is left to the users. |
| 14 |
|
| 15 |
/me nods. I want to make it possible for others to write that kind of app. |
| 16 |
But you don't need webapp-config to be setuid to do that. All you need to do |
| 17 |
is ensure that all files are owned by the user that apache runs as. |
| 18 |
|
| 19 |
You can achieve that securely by using the experimental perchild MPM (which |
| 20 |
will soon be available through Portage), or by running each site in its own |
| 21 |
chroot environment. |
| 22 |
|
| 23 |
> I still consider it bad design. Even though I understand the reasons. |
| 24 |
|
| 25 |
Sorry - that statement's ambiguious. What's the "it" that you are refering |
| 26 |
to? |
| 27 |
|
| 28 |
Best regards, |
| 29 |
Stu |
| 30 |
-- |
| 31 |
Stuart Herbert stuart@g.o |
| 32 |
Gentoo Developer http://www.gentoo.org/ |
| 33 |
http://stu.gnqs.org/diary/ |
| 34 |
|
| 35 |
GnuPG key id# F9AFC57C available from http://pgp.mit.edu |
| 36 |
Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C |
| 37 |
-- |
| 38 |
|
| 39 |
-- |
| 40 |
gentoo-portage-dev@g.o mailing list |
Archives