
Re: Directory structure



> The main one is that cgi scripts are chrooted.  Not a problem if
> they are binaries, but until there's a perl compiler that's stable,
> I need to put perl under the chroot.  Unideal, but makes me feel

I assume you don't have to go as far as including things such as
/usr/lib/apache/modules/libphp3.so.

> better that my stub partition, /var/www/, is readonly with the data
> mounted rw under /var/www/DATA/ (which contains htdocs and another
> area for data to be written that's not browsable).

Nice idea.  Troublesome though if you have a busy site and need to update
executables or libraries.

> The other tweak is that you likely need /dev files and perhaps a library
> or two under /var/www/usr/lib/.

Is there a particular way to find out what /dev files I might need?  I
assume a /var/www/dev/log syslog socket similar to bind, but what else?

> I've done this for 6 years and been less concerned about exploits in
> CERN's daemon and NCSA's.  All I can lose is www data is easily replaced
> from the source machine.  It's a Good Thing.

I'm going to do it myself; the problem, of course, is that it's rather
invasive, plus it requires a lot of duplication.

Thanks,
Nicholas