On Friday 29 October 2004 10:55, Paul de Vrieze wrote:
> Let's say how I would do this if I were an administrator for such a server.
> Well I'd take the easy road of doing the following:
> - Make a webpage that users/customers can select the desired webapps for
> their virtual host, including the version. With a big-fat warning that
> autoupdating by the app itself doesn't work.
> - Have that webpage append to a pending-transformation list.
> - Have a root cronjob that parses (strictly) the pending-transformation
> list and runs webapp-config for each of those transformations. Then the
> pending list is flushed.
>
> As the administrator I now only need to select the offered apps, the rest
> is left to the users.
|
/me nods. I want to make it possible for others to write that kind of app.
But you don't need webapp-config to be setuid to do that. All you need to do
is ensure that all files are owned by the user that apache runs as.

You can achieve that securely by using the experimental perchild MPM (which
will soon be available through Portage), or by running each site in its own
chroot environment.
|
> I still consider it bad design. Even though I understand the reasons.

Sorry - that statement's ambiguous. What's the "it" that you are referring
to?
|
Best regards,
Stu
--
Stuart Herbert stuart@g.o
Gentoo Developer http://www.gentoo.org/
http://stu.gnqs.org/diary/

GnuPG key id# F9AFC57C available from http://pgp.mit.edu
Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C
--

--
gentoo-portage-dev@g.o mailing list
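
Added example, not part of the original message or of webapp-config itself: a sketch of the "parses (strictly)" step of the root cronjob quoted above, turning each pending-list line into an argv list for webapp-config or rejecting it. The line format, the allowlist contents and all function names are assumptions made for illustration.

```python
import re

# Assumed line format (not from the thread): "<action> <vhost> <dir> <app> <version>"
ACTIONS = {"install": "-I", "upgrade": "-U"}
# Constructed allowlist standing in for "the offered apps" the administrator selected.
OFFERED = {("phpmyadmin", "2.5.4"), ("squirrelmail", "1.4.3")}

LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(LABEL + r"(\." + LABEL + r")*")
# Relative path only: no leading "/", no "." or ".." components, no leading "-".
PART = r"[A-Za-z0-9_][A-Za-z0-9_-]*"
DIR_RE = re.compile(PART + r"(/" + PART + r")*")

class Rejected(ValueError):
    pass

def parse_line(line):
    """Return the webapp-config argv for one request line, or raise Rejected."""
    if len(line) > 256 or not line.isascii() or not line.isprintable():
        raise Rejected("bad length or characters")
    fields = line.split(" ")
    if len(fields) != 5:
        raise Rejected("expected exactly 5 single-space-separated fields")
    action, host, directory, app, version = fields
    if action not in ACTIONS:
        raise Rejected("unknown action")
    if not HOST_RE.fullmatch(host):
        raise Rejected("bad host")
    if not DIR_RE.fullmatch(directory):
        raise Rejected("bad dir")
    if (app, version) not in OFFERED:
        raise Rejected("app/version not offered")
    # argv list, never a shell string: the root job runs it without a shell.
    return ["webapp-config", ACTIONS[action], "-h", host, "-d", directory, app, version]

def parse_pending(text):
    """Split the pending list into accepted argv lists and (line number, reason) rejects."""
    accepted, rejected = [], []
    for n, line in enumerate(text.split("\n"), 1):
        if line == "":
            continue
        try:
            accepted.append(parse_line(line))
        except Rejected as exc:
            rejected.append((n, str(exc)))
    return accepted, rejected

# Constructed sample input: one valid request and three that must be refused.
SAMPLE = ("install www.example.org phpmyadmin phpmyadmin 2.5.4\n"
          "install www.example.org ../../etc phpmyadmin 2.5.4\n"
          "install www.example.org mail squirrelmail 9.9.9\n"
          "upgrade www.example.org webmail squirrelmail 1.4.3 extra\n")
```

Only the accepted argv lists would be handed to the process runner (for example `subprocess.run(argv, check=True)`), and rejected lines would be logged before the list is flushed.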