From: Max Kalika
To: stuart@gentoo.org, gentoo-dev@gentoo.org
Date: Wed, 23 Jul 2003 07:54:23 -0700
Subject: Re: [gentoo-dev] Poll: Where should web applications be installed?

Quoting Stuart Herbert:

>> One question though. Why do all
>> ebuilds currently insist on making files owned by the web user (apache)?
>> Seems very wrong to me as the apache user is able to write to the
>> applications. It seems just like giving ownership to a regular user
>> account for other applications.
>
> Because most web apps are badly written, and rely on write access to
> directories on the machine. Sorry - I just can't think of a polite way
> to put that ;-)

Not all applications. The ones I've been dealing with work perfectly well
having all the files owned by root. I'm speaking of the entire Horde suite
(and not just because I'm on the Horde team ;-)), phpMyAdmin, mailman, etc.
I would really urge to only make the files owned by the web user when
absolutely necessary.

> As an interesting aside, because we run apache under the apache user
> (rather than a nobody user), it'll make the business of supporting
> multiple web servers quite a mess. I mean, if you install tikiwiki,
> which user should own it?!?

I'd say we have to pick a de-facto web server and install all apps based on
that. If a user wants a webserver other than apache, it is really easy to
chown all the files (if that is all that has to be done). And if an
application doesn't require being owned by the web user, things are even
easier. The only thing that has to be done is to do a configuration block
similar to how apache needs it, and that can eventually be worked into that
eclass I posted earlier -- if that is the way we want to go.

> I read your post about having proposed this before, but with no real
> response. Tell you what - if no-one else sends through any feedback, I
> guess no-one would really notice if we went ahead and just did this? ;-)

:-) I'll wait a day or so. If you want to discuss this further, catch me
on irc (alkern).

--mk

--
gentoo-dev@gentoo.org mailing list
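
An added example, not part of the original message or of any Gentoo eclass: a shell check for the ownership concern raised in this thread, listing everything under a web application directory that the web server account owns or that is world-writable. The function name `audit_webapp_perms` is hypothetical, and the default account `apache` is taken from the thread.

```shell
#!/bin/sh
# Added example: list files under a web application tree that the web
# server account could modify. The function name is hypothetical.

# audit_webapp_perms DIR [WEBUSER]
# Prints one line per finding: "<reason><TAB><path>".
#   owned-by-web-user : the file or directory is owned by WEBUSER
#   world-writable    : any account, including WEBUSER, can write to it
# Returns 0 when nothing is found, 1 when there are findings, 2 on bad input.
audit_webapp_perms() {
    dir=$1
    webuser=${2:-apache}   # "apache" is the account named in the thread

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # A user name must exist; a purely numeric value is passed to find as a uid.
    case $webuser in
        *[!0-9]*)
            id "$webuser" >/dev/null 2>&1 ||
                { echo "unknown user: $webuser" >&2; return 2; }
            ;;
    esac

    findings=$(
        # Symlinks are skipped: their own mode bits carry no meaning.
        find "$dir" ! -type l -user "$webuser" \
            -exec printf 'owned-by-web-user\t%s\n' {} \;
        find "$dir" ! -type l -perm -0002 \
            -exec printf 'world-writable\t%s\n' {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```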