Apache configuration and some OT

Dagmar d'Surreal dagmar.wants at nospam.com
Thu Jul 24 01:53:28 PDT 2003


On Thu, 2003-07-24 at 00:25, Alexander E. Patrakov wrote:
> On Thursday 24 July 2003 03:13, Dagmar d'Surreal wrote:
> > > 4) Some scripts that reference themselves also put links to /~smth
> > > instead of the location mentioned in request (mostly solved, we just have
> > > to tell people about SCRIPT_URL and SCRIPT_URI).
> >
> > Yes, tell them about it.  Tell them _not_ using those variables makes
> > their scripts non-portable and will be considered bugs...  Bugs that
> > will be remembered the next time an employee evaluation comes around.
> 
> They are just physicists, chemists and biologists, not web designers. They are 
> good in their fields. They just want additional publications. Knowledge of 
> the web technologies will not be required from them at their new work place, 
> if any.

Either way, they should be made aware that their scripts should never
hard-code paths if they can help it.  Considering your audience, it's
unlikely that they're not bright enough to grasp the utility of using
the variables over hard-coding paths almost immediately[1].  (Suggested
verbiage: "Doing this means you won't have to change your scripts before
submitting them for public review.")

[1] - I'm envious.

> > > It has been mentioned that mod_rewrite is the wrong solution here. What's
> > > right?
> >
> > Changing the way you work.  You have outlined an undoable set of
> > conditions.
> 
> It's always good to know _for sure_ (see OT below) that something is not 
> doable. Now we eliminated the directory listings, but left mod_rewrite in 
> place. Mapping the external URLs to internal ones, logical to physical, is 
> its job. Even an example of moving the document root is in the apache 
> documentation.
> 
> <OT severety="critical" offence="high">
> Some time ago we could not make fax reception and dial-in service (RAS) work 
> together on the same modem under Windows. It has been said by someone that 
> it's impossible with our modem. Now we use mgetty under Linux (it works 
> perfectly), but the machine suffers from frequent reboots by less educated 
> people who just want to write a CD and make sure it will be readable under 
> Windows (cdrtools and k3b are installed under Linux, a paper with 
> instructions is on the wall). So it is time for me to rethink that "fax+ras 
> impossible" statement. If anyone knows a way to enable both fax service and 
> RAS under Windows (maybe with some additional costly software), mail me 
> privately, and I will remove Linux from that computer. This will be better 
> :-( There are people that cannot be taught :-(
> </OT>

Yech.  Give 'em a directory to stick the files in and an icon on the
desktop then.  ;)

> > Unless you're ignoring some of the many places on the web where the
> > Apache team say that the webserver should run as it's own userid and
> > groupid, no one but the webserver and the system administrator should be
> > able to read these scripts directly once they're in the DocumentRoot and
> > have their permissions set. 
> 
> I see. You mean chown apache:apache bad.cgi && chmod 500 bad.cgi

Well, the authors could /probably/ be allowed to read their own scripts
so they don't get confused about what version they've published.   The
idea is to prevent a user with a local account from getting the source
from other people's work and plagarizing and/or having a very easy way
to find exploits in it.

> This will require me to copy stuff to DocumentRoot at least once a day. I am 
> too lazy. I would rather allow authors to modify their pages, e.g. to add new 
> tasks and new tests for students of the biological department.

Let apache own the web pages, give each user their own group (one of the
reasons some distros do this) and give 'em each a directory under
DocRoot that's group-writeable by their special group.  (or... *shudder*
symlink or hardlink from those spots in DocRoot to their special
directory)

> Although... I shall talk again with my boss. He says "we will drown if we will 
> check and publish each page instead of delegating this task to professors". 
> But the quality of the published materials is rather bad (e.g. they copied a 
> javascript from third-party site without deleting unneeded parts that load 
> banners). Again, we should rethink many decisions...

Yep.  Getting users to not attempt the impossible is even harder than
doing the impossible IMHO.  Good luck to you.
-- 
The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact nfo: AIM: evilDagmar  Jabber: evilDagmar at jabber.org

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message



More information about the blfs-support mailing list