| 1 |
On 12/05/2013 11:32 AM, Anthony G. Basile wrote: |
| 2 |
> |
| 3 |
> My student (gentoo dev twitch153) and I are maintaining webapp-config. |
| 4 |
> We're both upstream and the ebuild maintainer. |
| 5 |
> |
| 6 |
|
| 7 |
Here's a hopefully-short version of our situation. Among other things, |
| 8 |
we do web hosting for small businesses. These kinds of places have |
| 9 |
neither the expertise nor interest to manage a website on a shared |
| 10 |
hosting service, so they pay us a little bit more to do it all for them. |
| 11 |
|
| 12 |
So we're running Wordpress, Drupal, Joomla, etc. as well as a number of |
| 13 |
custom sites, and we keep them all up-to-date. Not just the CMSes, but |
| 14 |
the plugins and whatever else, too. |
| 15 |
|
| 16 |
For security, I want the sites as isolated as possible. An exploit on |
| 17 |
one customer's site shouldn't be able to affect another. For that, we |
| 18 |
use mpm-itk and isolate each site under its own |
| 19 |
/var/www/${domain}/${host} directory. The temporary directories for PHP |
| 20 |
are overridden. Other developers besides me need full write access to |
| 21 |
these directories, but the apps themselves only need read/traverse with |
| 22 |
write access to an "upload" folder. We use POSIX ACLs to achieve this, |
| 23 |
and I've written a utility and patches to make that not suck so |
| 24 |
much[1][2][3]. (Someday I dream of getting the apply-default-acl |
| 25 |
algorithm upstreamed into libacl so that coreutils et al. could use it.) |
| 26 |
|
| 27 |
Most sites are kind of standard, but there are differences between them. |
| 28 |
We do all of the QA after an upgrade, so if I upgrade, say, Wordpress |
| 29 |
for www.example.com, I have to run through a bunch of checks to make |
| 30 |
sure it still works. That can take maybe an hour. Since the upgrades do |
| 31 |
break things occasionally, we have to do them one-at-a-time; otherwise, |
| 32 |
20 sites would be broken while we QA the first one. The same goes for |
| 33 |
the plugins/modules. |
| 34 |
|
| 35 |
So basically, every website needs its own copy of the web app and has |
| 36 |
its own set of permissions. I don't doubt that webapp-config could be |
| 37 |
made to do this, but I'm sceptical that the result would be less complex |
| 38 |
than "everybody gets their own copy" and a makefile to set the |
| 39 |
permissions. Space isn't an issue, so de-duping the apps isn't a huge |
| 40 |
gain for us. I would love to be proven wrong though! |
| 41 |
|
| 42 |
On the other hand, dependency management is critical, and greatly |
| 43 |
simplifies the job of me not accidentally breaking something. I need to |
| 44 |
be sure that if a php USE flag gets unset by default, and |
| 45 |
www.example.com relies on it, that I don't unwittingly update and break |
| 46 |
the site. Simply copying the webapp ebuilds and deleting SRC_URI is a |
| 47 |
huge gain for little investment. |
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
[1] |
| 52 |
https://michael.orlitzky.com/articles/problems_with_posix_acls_and_common_utilities.php |
| 53 |
|
| 54 |
[2] |
| 55 |
https://michael.orlitzky.com/articles/fixing_posix_acls_in_common_utilities.php |
| 56 |
|
| 57 |
[3] https://michael.orlitzky.com/code/apply-default-acl.php |
Archives