1 |
Etaoin Shrdlu wrote: |
2 |
> (btw, do gentoo initscripts |
3 |
> support starting multiple instances of a daemon, perhaps under different |
4 |
> users and using different parameters? I'd not bet on it, but I may be |
5 |
> wrong. If it's not supported, waiting for baselayout to support this may |
6 |
> take a long time, so it would be better to release the easier suid |
7 |
> version in the meanwhile.) |
8 |
|
9 |
It's not too hard to start a separate instance of apache. You just copy |
10 |
/etc/init.d/apache2 to, say, /etc/init.d/backuppcApache2. Likewise copy |
11 |
the /etc/conf.d scripts, and change in the backuppc one the reference to |
12 |
the httpd.conf to, say, /etc/BackupPC/httpd.conf. Then, in that .conf |
13 |
file, make sure that you change the things to be suitable for BackupPC |
14 |
(in particular, get rid of the lines that include *.conf's from certain |
15 |
directories because these will cause apache to try and use the same PID! |
16 |
Make sure you specify a new PID file, among a few other related things) |
17 |
I really don't think the ebuild should let you use the same instance of |
18 |
apache that /etc/init.d/apache2 starts, because this would be a security |
19 |
risk. For example, I use BackupPC to back up three machines, in their |
20 |
entirety. That means that backuppc has the rights to change any files |
21 |
on those three machines. I've also got a webserver running, open to the |
22 |
internet, on my backuppc machine. If people on the internet can access |
23 |
backuppc, they can pretty much access all three of those other machines. |
24 |
But if I run on port 8080, and have that port blocked by a firewall, |
25 |
this is no longer a concern. |
26 |
|
27 |
The other option is to install password protection by default, but then |
28 |
you have to have competent users who can change the httpd passwords. I |
29 |
suppose you could write this as an instruction at the end of the ebuild. |
30 |
But, are htaccess passwords sent in plaintext? If so, that's also a |
31 |
major security risk. |
32 |
|
33 |
-- |
34 |
Randy Barlow |
35 |
http://electronsweatshop.com |
36 |
-- |
37 |
gentoo-user@g.o mailing list |