| 1 |
Etaoin Shrdlu wrote: |
| 2 |
> (btw, do gentoo initscripts |
| 3 |
> support starting multiple instances of a daemon, perhaps under different |
| 4 |
> users and using different parameters? I'd not bet on it, but I may be |
| 5 |
> wrong. If it's not supported, waiting for baselayout to support this may |
| 6 |
> take a long time, so it would be better to release the easier suid |
| 7 |
> version in the meanwhile.) |
| 8 |
|
| 9 |
It's not too hard to start a separate instance of apache. You just copy |
| 10 |
/etc/init.d/apache2 to, say, /etc/init.d/backuppcApache2. Likewise copy |
| 11 |
the /etc/conf.d scripts, and change in the backuppc one the reference to |
| 12 |
the httpd.conf to, say, /etc/BackupPC/httpd.conf. Then, in that .conf |
| 13 |
file, make sure that you change the things to be suitable for BackupPC |
| 14 |
(in particular, get rid of the lines that include *.conf's from certain |
| 15 |
directories because these will cause apache to try and use the same PID! |
| 16 |
Make sure you specify a new PID file, among a few other related things) |
| 17 |
I really don't think the ebuild should let you use the same instance of |
| 18 |
apache that /etc/init.d/apache2 starts, because this would be a security |
| 19 |
risk. For example, I use BackupPC to back up three machines, in their |
| 20 |
entirety. That means that backuppc has the rights to change any files |
| 21 |
on those three machines. I've also got a webserver running, open to the |
| 22 |
internet, on my backuppc machine. If people on the internet can access |
| 23 |
backuppc, they can pretty much access all three of those other machines. |
| 24 |
But if I run on port 8080, and have that port blocked by a firewall, |
| 25 |
this is no longer a concern. |
| 26 |
|
| 27 |
The other option is to install password protection by default, but then |
| 28 |
you have to have competent users who can change the httpd passwords. I |
| 29 |
suppose you could write this as an instruction at the end of the ebuild. |
| 30 |
But, are htaccess passwords sent in plaintext? If so, that's also a |
| 31 |
major security risk. |
| 32 |
|
| 33 |
-- |
| 34 |
Randy Barlow |
| 35 |
http://electronsweatshop.com |
| 36 |
-- |
| 37 |
gentoo-user@g.o mailing list |
Archives