On Wed, Jul 23, 2003 at 10:18:40PM -0400, Aron Griffis wrote: > Robin H.Johnson wrote: [Wed Jul 23 2003, 04:31:52AM EDT] > > After the 1.4 release (maybe before, depending on how busy I am with > > work), there will be a migration of all web applications to install > > somewhere like /usr/share/webapp/${P} (maybe ${PF}) > > This doesn't sound right to me since /usr should be mountable read-only. > Don't many/most web applications need to be able to write to their > installation area? I personally like the Debian solution of /var/www I agree totally with keeping /usr read-only during normal system use. Very few applications do write their directories, and those that do are in the great majority of cases broken. This is because this requires that their directories have permissions suitable for the webserver to write to them. ALL of /usr/share/webapp will be chown root.root, with mode 755 for directories, and 644 for files. Under my solution the application THINKS it is running in the instance directory. The key thing is this inside the .htaccess file for each instance: php_value include_path ".:/usr/share/webapp/${P}" Then they have whatever access to . and read-only to /usr/share/webapp/${P}. Say a web application requires a config file 'config.php'. You could then have two instances /var/www/site1/webapp/ /var/www/site2/webapp/ Where each directory contains only two files, 'config.php' and '.htaccess'. Now even if somebody were to break in and get your PHP to run arbitrary code, their damage would be limited to those two files (and anything else the apache user has permissions to, which does NOT include the actual webapp. If you wanted to seriously customize an instance, all that would be needed would be to copy the file from /usr/share/webapp/${P} to your instance directory, and modify the copy in your instance directory. In my entire time as a PHP programmer, I have seen only one instance where an application really needed access to a local directory to write files, and that was only because of a shortcoming in the API used, that could not send data directly but had to build it on disk (PDF creation stuff). -- Robin Hugh Johnson E-Mail : robbat2@orbis-terrarum.net Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 ICQ# : 30269588 or 41961639 GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85