1 |
On Friday 29 October 2004 01:31, Stuart Herbert wrote: |
2 |
|
3 |
> It's not possible to support non-privileged users running webapp-config |
4 |
> with the default Apache 2 MPM, as these users can't perform the chown |
5 |
> operations that the tool needs to do. We could provide a setuid-safe |
6 |
> script to do this, but that's not top of my todo list. |
7 |
|
8 |
Let's say how I would do this if I were an administrator for such a server. |
9 |
Well I'd take the easy road of doing the following: |
10 |
- Make a webpage that users/customers can select the desired webapps for their |
11 |
virtual host, including the version. With a big-fat warning that |
12 |
autoupdating by the app itself doesn't work. |
13 |
- Have that webpage append to a pending-transformation list. |
14 |
- Have a root cronjob that parses (strictly) the pending-transformation list |
15 |
and runs webapp-config for eacht of those transformations. Then the pending |
16 |
list is flushed. |
17 |
|
18 |
As the administrator I now only need to select the offered apps, the rest is |
19 |
left to the users. |
20 |
|
21 |
> The problem with each web-based package providing its own package |
22 |
> management is that you're left with widely varying quality. You also have |
23 |
> the problem that it's harder to lock down a site and prevent unauthorised |
24 |
> change. And these tools don't work too well on secured and/or disconnected |
25 |
> intranets (and these are surprising common in the public sector at least). |
26 |
> Tools that extend Portage - tools that allow for disconnected upgrades - |
27 |
> still have their advantages :) |
28 |
|
29 |
I still consider it bad design. Even though I understand the reasons. |
30 |
|
31 |
Paul |
32 |
|
33 |
-- |
34 |
Paul de Vrieze |
35 |
Gentoo Developer |
36 |
Mail: pauldv@g.o |
37 |
Homepage: http://www.devrieze.net |