From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 32599 invoked from network); 28 Oct 2004 22:13:15 +0000 Received: from smtp.gentoo.org (156.56.111.197) by lists.gentoo.org with AES256-SHA encrypted SMTP; 28 Oct 2004 22:13:15 +0000 Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.41) id 1CNIWA-0007iZ-W8 for arch-gentoo-portage-dev@lists.gentoo.org; Thu, 28 Oct 2004 22:13:15 +0000 Received: (qmail 28604 invoked by uid 89); 28 Oct 2004 22:13:13 +0000 Mailing-List: contact gentoo-portage-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail Reply-To: gentoo-portage-dev@lists.gentoo.org X-BeenThere: gentoo-portage-dev@gentoo.org Received: (qmail 18350 invoked from network); 28 Oct 2004 22:13:13 +0000 From: Stuart Herbert Reply-To: stuart@gentoo.org Organization: Gentoo Linux Project To: gentoo-portage-dev@lists.gentoo.org Date: Thu, 28 Oct 2004 23:13:11 +0100 User-Agent: KMail/1.7.1 References: <1098993757.9091.107.camel@www.toruslaptop.com> <200410282213.40530.stuart@gentoo.org> <200410281448.23560.anthony@ectrolinux.com> In-Reply-To: <200410281448.23560.anthony@ectrolinux.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200410282313.11819.stuart@gentoo.org> Subject: Re: [gentoo-portage-dev] webapp-config and webapps X-Archives-Salt: 0ccae003-c3f7-494a-ba69-318b499fb9f7 X-Archives-Hash: c84ff6ee89c094deab10e2a3d1d262dc On Thursday 28 October 2004 22:48, Anthony Gorecki wrote: > I concur with Wendall's decision; I don't use it because I've found that it > creates -more- work than manually installing web applications. See your > comment on self-configuring web applications. Hrm ... I haven't made any comment on self-configuring web applications. > In addition, some web applications will download their own source files on > demand and update themselves on demand, in a manner similar to Portage. > webapp-config would be completely unsuitable for these applications. And so is Portage ;-) Until UPSTREAM apps play nicely, this will always be a problem with any tool that anyone writes. And UPSTREAM can't play nicely until there's a tool to play nicely with. > As a second addition to the above, and in response to "Web applications > should not be owned by the same user as the web server," some web > applications -should- and are -designed and required- to be owned by the > web server's user. webapp-config copes with this just fine; Portage cannot. It also allows you to have application config files owned by a different shell user if you need. We're also looking at adding support for alternative MPM's for Apache 2, so that individual websites can be wholy owned by a single shell account, for added security. > In these cases, additional backend configuration is necessary to protect > websites from unauthorized access (PHP's open_basedir, for example), > however this would be soley the responsibility of web host and the script. The next version of webapp-config will be able to handle that sort of configuration too. We need to provide a tool to do it; we can't expect all of our users to have the skills to secure a PHP app by hand. > webapp-config should be completely oblivious to this, as these safeguards > would obviously beyond the scope of the program; however, it should support > the functionality if it is required. Why 'obviously' beyond the scope? Every web-based app installed on practically every platform out there is hampered by the limited capabilities of package managers and current automated installers. We're going to have to get there a step at a time, but I think it's worth the effort. > If the vhost flag is not set, is there a way to alter the install location > from /var/www/localhost? If there isn't, why isn't there? I haven't had a > chance to look through all of the software resources for this program, > though I haven't seen anything helpful this far. Take a look at /etc/vhosts/webapp-config and the man page for webapp-config.5. The support you need is there. I don't run any of own sites from /var/www. 'localhost' *is* currently hard-coded as the hostname that an app is installed into when USE=-vhosts. This is something we can change. Best regards, Stu -- Stuart Herbert stuart@gentoo.org Gentoo Developer http://www.gentoo.org/ http://stu.gnqs.org/diary/ GnuPG key id# F9AFC57C available from http://pgp.mit.edu Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C -- -- gentoo-portage-dev@gentoo.org mailing list