| 1 |
On Friday 29 October 2004 01:31, Stuart Herbert wrote: |
| 2 |
|
| 3 |
> It's not possible to support non-privileged users running webapp-config |
| 4 |
> with the default Apache 2 MPM, as these users can't perform the chown |
| 5 |
> operations that the tool needs to do. We could provide a setuid-safe |
| 6 |
> script to do this, but that's not top of my todo list. |
| 7 |
|
| 8 |
Let's say how I would do this if I were an administrator for such a server. |
| 9 |
Well I'd take the easy road of doing the following: |
| 10 |
- Make a webpage that users/customers can select the desired webapps for their |
| 11 |
virtual host, including the version. With a big-fat warning that |
| 12 |
autoupdating by the app itself doesn't work. |
| 13 |
- Have that webpage append to a pending-transformation list. |
| 14 |
- Have a root cronjob that parses (strictly) the pending-transformation list |
| 15 |
and runs webapp-config for eacht of those transformations. Then the pending |
| 16 |
list is flushed. |
| 17 |
|
| 18 |
As the administrator I now only need to select the offered apps, the rest is |
| 19 |
left to the users. |
| 20 |
|
| 21 |
> The problem with each web-based package providing its own package |
| 22 |
> management is that you're left with widely varying quality. You also have |
| 23 |
> the problem that it's harder to lock down a site and prevent unauthorised |
| 24 |
> change. And these tools don't work too well on secured and/or disconnected |
| 25 |
> intranets (and these are surprising common in the public sector at least). |
| 26 |
> Tools that extend Portage - tools that allow for disconnected upgrades - |
| 27 |
> still have their advantages :) |
| 28 |
|
| 29 |
I still consider it bad design. Even though I understand the reasons. |
| 30 |
|
| 31 |
Paul |
| 32 |
|
| 33 |
-- |
| 34 |
Paul de Vrieze |
| 35 |
Gentoo Developer |
| 36 |
Mail: pauldv@g.o |
| 37 |
Homepage: http://www.devrieze.net |
Archives