| 1 |
On Thursday 28 October 2004 22:48, Anthony Gorecki wrote: |
| 2 |
> I concur with Wendall's decision; I don't use it because I've found that it |
| 3 |
> creates -more- work than manually installing web applications. See your |
| 4 |
> comment on self-configuring web applications. |
| 5 |
|
| 6 |
Hrm ... I haven't made any comment on self-configuring web applications. |
| 7 |
|
| 8 |
> In addition, some web applications will download their own source files on |
| 9 |
> demand and update themselves on demand, in a manner similar to Portage. |
| 10 |
> webapp-config would be completely unsuitable for these applications. |
| 11 |
|
| 12 |
And so is Portage ;-) |
| 13 |
|
| 14 |
Until UPSTREAM apps play nicely, this will always be a problem with any tool |
| 15 |
that anyone writes. And UPSTREAM can't play nicely until there's a tool to |
| 16 |
play nicely with. |
| 17 |
|
| 18 |
> As a second addition to the above, and in response to "Web applications |
| 19 |
> should not be owned by the same user as the web server," some web |
| 20 |
> applications -should- and are -designed and required- to be owned by the |
| 21 |
> web server's user. |
| 22 |
|
| 23 |
webapp-config copes with this just fine; Portage cannot. It also allows you |
| 24 |
to have application config files owned by a different shell user if you need. |
| 25 |
|
| 26 |
We're also looking at adding support for alternative MPM's for Apache 2, so |
| 27 |
that individual websites can be wholy owned by a single shell account, for |
| 28 |
added security. |
| 29 |
|
| 30 |
> In these cases, additional backend configuration is necessary to protect |
| 31 |
> websites from unauthorized access (PHP's open_basedir, for example), |
| 32 |
> however this would be soley the responsibility of web host and the script. |
| 33 |
|
| 34 |
The next version of webapp-config will be able to handle that sort of |
| 35 |
configuration too. We need to provide a tool to do it; we can't expect all |
| 36 |
of our users to have the skills to secure a PHP app by hand. |
| 37 |
|
| 38 |
> webapp-config should be completely oblivious to this, as these safeguards |
| 39 |
> would obviously beyond the scope of the program; however, it should support |
| 40 |
> the functionality if it is required. |
| 41 |
|
| 42 |
Why 'obviously' beyond the scope? |
| 43 |
|
| 44 |
Every web-based app installed on practically every platform out there is |
| 45 |
hampered by the limited capabilities of package managers and current |
| 46 |
automated installers. |
| 47 |
|
| 48 |
We're going to have to get there a step at a time, but I think it's worth the |
| 49 |
effort. |
| 50 |
|
| 51 |
> If the vhost flag is not set, is there a way to alter the install location |
| 52 |
> from /var/www/localhost? If there isn't, why isn't there? I haven't had a |
| 53 |
> chance to look through all of the software resources for this program, |
| 54 |
> though I haven't seen anything helpful this far. |
| 55 |
|
| 56 |
Take a look at /etc/vhosts/webapp-config and the man page for webapp-config.5. |
| 57 |
The support you need is there. I don't run any of own sites from /var/www. |
| 58 |
|
| 59 |
'localhost' *is* currently hard-coded as the hostname that an app is installed |
| 60 |
into when USE=-vhosts. This is something we can change. |
| 61 |
|
| 62 |
Best regards, |
| 63 |
Stu |
| 64 |
-- |
| 65 |
Stuart Herbert stuart@g.o |
| 66 |
Gentoo Developer http://www.gentoo.org/ |
| 67 |
http://stu.gnqs.org/diary/ |
| 68 |
|
| 69 |
GnuPG key id# F9AFC57C available from http://pgp.mit.edu |
| 70 |
Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C |
| 71 |
-- |
| 72 |
|
| 73 |
-- |
| 74 |
gentoo-portage-dev@g.o mailing list |
Archives