From: Robin H.Johnson <robbat2@gentoo.org>
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] Web Application installations
Date: Wed, 23 Jul 2003 19:55:18 -0700
Message-ID: <20030724025518.GB770@cherenkov.orbis-terrarum.net>
In-Reply-To: <20030724021840.GA24746@time>
On Wed, Jul 23, 2003 at 10:18:40PM -0400, Aron Griffis wrote:
> Robin H.Johnson wrote: [Wed Jul 23 2003, 04:31:52AM EDT]
> > After the 1.4 release (maybe before, depending on how busy I am with
> > work), there will be a migration of all web applications to install
> > somewhere like /usr/share/webapp/${P} (maybe ${PF})
>
> This doesn't sound right to me since /usr should be mountable read-only.
> Don't many/most web applications need to be able to write to their
> installation area? I personally like the Debian solution of /var/www
I agree totally with keeping /usr read-only during normal system use.
Very few applications do write to their directories, and those that do are,
in the great majority of cases, broken. This is because it requires that their
directories have permissions suitable for the webserver to write to
them.
ALL of /usr/share/webapp will be chown root.root, with mode 755 for
directories, and 644 for files.
Under my solution the application THINKS it is running in the instance
directory.
The key thing is this inside the .htaccess file for each instance:
php_value include_path ".:/usr/share/webapp/${P}"
Then they have whatever access to . and read-only to
/usr/share/webapp/${P}.
Say a web application requires a config file 'config.php'.
You could then have two instances
/var/www/site1/webapp/
/var/www/site2/webapp/
Where each directory contains only two files, 'config.php' and '.htaccess'.
Now even if somebody were to break in and get your PHP to run arbitrary
code, their damage would be limited to those two files (and anything
else the apache user has permissions to, which does NOT include the
actual webapp).
If you wanted to seriously customize an instance, all that would be
needed would be to copy the file from /usr/share/webapp/${P} to your
instance directory, and modify the copy in your instance directory.
In my entire time as a PHP programmer, I have seen only one instance
where an application really needed access to a local directory to write
files, and that was only because of a shortcoming in the API used, that
could not send data directly but had to build it on disk (PDF creation
stuff).
--
Robin Hugh Johnson
E-Mail : robbat2@orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
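As an added illustration of the layout described in the mail above (this is an example written for this page, not code from the mail, from Gentoo, or from any webapp eclass): a POSIX shell script that stages the shared, root-owned tree and two per-site instances under a staging prefix, writes each instance's .htaccess with the include_path line, and checks that the shared tree has exactly the modes the mail specifies (755 directories, 644 files). The staging prefix, the package name "webapp-1.0", the site names and the tiny PHP files are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original mail.  ROOT is a staging prefix
# (comparable to ${D} in an ebuild), P is the package name-version.  The
# .htaccess always points at the final /usr/share/webapp/${P} path, not at
# the staging copy, exactly as the mail describes.

# Install the shared, immutable copy of the application: root-owned,
# directories 755, files 644.  chown only succeeds as root, so it is
# skipped otherwise; the mode checks are what check_shared_tree relies on.
install_shared_webapp() {
    shared_root=$1; shared_p=$2
    shared_dir="$shared_root/usr/share/webapp/$shared_p"
    mkdir -p "$shared_dir/images"
    # constructed sample application files (config.php is NOT shipped here;
    # it is resolved through include_path from the instance directory)
    printf '<?php require "config.php"; require "lib.php"; ?>\n' > "$shared_dir/index.php"
    printf '<?php function site_title($n) { return "Site " . $n; } ?>\n' > "$shared_dir/lib.php"
    : > "$shared_dir/images/.keep"
    find "$shared_dir" -type d -exec chmod 755 '{}' +
    find "$shared_dir" -type f -exec chmod 644 '{}' +
    [ "$(id -u)" -eq 0 ] && chown -R root:root "$shared_dir"
    return 0
}

# Create one instance directory holding only .htaccess and config.php.
# The include_path makes PHP look in "." (the instance) first and then in
# the read-only shared tree, so the application "thinks" it runs in the
# instance directory.
create_instance() {
    inst_root=$1; inst_p=$2; inst_site=$3
    inst_dir="$inst_root/var/www/$inst_site/webapp"
    mkdir -p "$inst_dir"
    printf 'php_value include_path ".:/usr/share/webapp/%s"\n' "$inst_p" > "$inst_dir/.htaccess"
    printf '<?php $site_name = "%s"; ?>\n' "$inst_site" > "$inst_dir/config.php"
    chmod 755 "$inst_dir"
    chmod 644 "$inst_dir/.htaccess" "$inst_dir/config.php"
}

# Verify the shared tree is exactly as specified: every directory 755 and
# every file 644, so nothing in it is writable by the webserver user.
# Returns 0 when clean; otherwise prints the offending paths and returns 1.
check_shared_tree() {
    chk_root=$1; chk_p=$2
    chk_dir="$chk_root/usr/share/webapp/$chk_p"
    bad=$(find "$chk_dir" \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \))
    if [ -n "$bad" ]; then
        printf 'entries under %s not in 755/644 form:\n%s\n' "$chk_dir" "$bad" >&2
        return 1
    fi
    return 0
}

# Stand-alone demo: sh this-file demo
if [ "${1:-}" = "demo" ]; then
    stage=$(mktemp -d)
    install_shared_webapp "$stage" webapp-1.0
    create_instance "$stage" webapp-1.0 site1
    create_instance "$stage" webapp-1.0 site2
    check_shared_tree "$stage" webapp-1.0 && echo "shared tree is read-only as required"
    find "$stage" -type f | sort
    rm -rf "$stage"
fi
```

In a real deployment the install step runs as root so the chown takes effect, and check_shared_tree is cheap enough to run periodically as an integrity check: any file under the shared tree that has become group- or world-writable (the precondition for the "damage limited to two files" argument to fail) shows up in its output.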