From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 17943 invoked from network); 30 Oct 2004 10:17:43 +0000 Received: from smtp.gentoo.org (156.56.111.197) by lists.gentoo.org with AES256-SHA encrypted SMTP; 30 Oct 2004 10:17:43 +0000 Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.41) id 1CNqIp-0008P1-ET for arch-gentoo-portage-dev@lists.gentoo.org; Sat, 30 Oct 2004 10:17:43 +0000 Received: (qmail 5181 invoked by uid 89); 30 Oct 2004 10:17:41 +0000 Mailing-List: contact gentoo-portage-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail Reply-To: gentoo-portage-dev@lists.gentoo.org X-BeenThere: gentoo-portage-dev@gentoo.org Received: (qmail 32528 invoked from network); 30 Oct 2004 10:17:41 +0000 From: Stuart Herbert Reply-To: stuart@gentoo.org Organization: Gentoo Linux Project To: gentoo-portage-dev@lists.gentoo.org Date: Sat, 30 Oct 2004 11:17:39 +0100 User-Agent: KMail/1.7.1 References: <1098993757.9091.107.camel@www.toruslaptop.com> <200410290031.08751.stuart@gentoo.org> <200410291155.32852.pauldv@gentoo.org> In-Reply-To: <200410291155.32852.pauldv@gentoo.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200410301117.39860.stuart@gentoo.org> Subject: Re: [gentoo-portage-dev] webapp-config and webapps X-Archives-Salt: c411ff7c-64ed-42df-843e-328e76f5300e X-Archives-Hash: 2af4d625e500c9469a5de6a34557f1e2 On Friday 29 October 2004 10:55, Paul de Vrieze wrote: > Let's say how I would do this if I were an administrator for such a server. > Well I'd take the easy road of doing the following: > - Make a webpage that users/customers can select the desired webapps for > their virtual host, including the version. With a big-fat warning that > autoupdating by the app itself doesn't work. > - Have that webpage append to a pending-transformation list. > - Have a root cronjob that parses (strictly) the pending-transformation > list and runs webapp-config for eacht of those transformations. Then the > pending list is flushed. > > As the administrator I now only need to select the offered apps, the rest > is left to the users. /me nods. I want to make it possible for others to write that kind of app. But you don't need webapp-config to be setuid to do that. All you need to do is ensure that all files are owned by the user that apache runs as. You can achieve that securely by using the experimental perchild MPM (which will soon be available through Portage), or by running each site in its own chroot environment. > I still consider it bad design. Even though I understand the reasons. Sorry - that statement's ambiguious. What's the "it" that you are refering to? Best regards, Stu -- Stuart Herbert stuart@gentoo.org Gentoo Developer http://www.gentoo.org/ http://stu.gnqs.org/diary/ GnuPG key id# F9AFC57C available from http://pgp.mit.edu Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C -- -- gentoo-portage-dev@gentoo.org mailing list