Mailinglist Archive: opensuse-packaging (232 mails)
| < Previous | Next > |
Re: [opensuse-packaging] PHP application packaging
- From: Ralf Lang <lang@xxxxxxxxxxxxx>
- Date: Mon, 13 Feb 2012 16:27:13 +0100
- Message-id: <4F392BD1.10907@b1-systems.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 13.02.2012 14:55, schrieb Christian:
Pear apps usually install themselves distributed over peardir,
www_dir, bin_dir, data_dir etc whatever they are set to. If a php app
includes cli parts, these should be where the distribution places
"commands" (binaries to run from the shell).
To me, /srv/ should be for user data (and apps that cannot be split
into immutable parts and mutable parts are like mutable data)
I like them too. On local network.
* But making an app run which requires a specific apache extension
requires restarting (reloading?) apache and disturbing running
operations. I do not want this triggered by rpm.
* Some apps expose functionality which you don't want to over via web.
Example: Horde comes with a system shell and a php shell for
admins. The default config authenticates anyone as the administrator
until another backend is configured. If you have a system with relaxed
/home/ security this means anybody who can access your host can browse
all user's data. I don't like that. Granted, most web apps don't
provide such and it could be configured away. But still.
- --
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang@xxxxxxxxxxxxx
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk85K9EACgkQCs1dsHJ/X7AD9wCgl0J6N5M68JSf0eV6xLHIVnnv
8DMAnAodH+KpmOJNsHx7Srm+WFq4wPNF
=AGjo
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx
Hash: SHA1
Am 13.02.2012 14:55, schrieb Christian:
Hi Ludwig,
The latter is certainly wrong as the web server allows fullEver thought /usr/share/NAME is for files "shared" to other apps,
access to those files by default then. IMO /srv/www/ is also the
wrong location. Just put the files in /usr/share/NAME or
/usr/lib/NAME like any other non-web application would do it.
isn't it. For me a "webapp" should have its files in
/srv/www/NAME.
Pear apps usually install themselves distributed over peardir,
www_dir, bin_dir, data_dir etc whatever they are set to. If a php app
includes cli parts, these should be where the distribution places
"commands" (binaries to run from the shell).
To me, /srv/ should be for user data (and apps that cannot be split
into immutable parts and mutable parts are like mutable data)
Proper packages have their program code in a read only locationagreed.
and config files in /etc/. I don't understand why web stuff
should be any different there even though sloppy programming
seems to be more common in that area.
We have a policy to not enable daemons by default to avoidYes, I agree partly. as an example postfix is installed by default,
accidentally wide open systems. That's a good practice for any
kind of service IMO. Unfortunately we lack infrastucture and
tools to manage web apps properly. A tool like chkconfig that
also understands virtualhosts etc would be nice, wouldn't it?
:-)
but should not be open to the world. OK But when I "definitly"
install a webapp (webmailer) I want to have it "work" when I start
apache. I like "ready-to-run" installations. ;)
I like them too. On local network.
* But making an app run which requires a specific apache extension
requires restarting (reloading?) apache and disturbing running
operations. I do not want this triggered by rpm.
* Some apps expose functionality which you don't want to over via web.
Example: Horde comes with a system shell and a php shell for
admins. The default config authenticates anyone as the administrator
until another backend is configured. If you have a system with relaxed
/home/ security this means anybody who can access your host can browse
all user's data. I don't like that. Granted, most web apps don't
provide such and it could be configured away. But still.
- --
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang@xxxxxxxxxxxxx
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk85K9EACgkQCs1dsHJ/X7AD9wCgl0J6N5M68JSf0eV6xLHIVnnv
8DMAnAodH+KpmOJNsHx7Srm+WFq4wPNF
=AGjo
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx
| < Previous | Next > |