On Mon, Sep 13, 1999 at 07:49:42PM +0000, Rolf Krahl wrote:
In article <19990902114600.D22734@suse.de>, "Rolf Haberrecker" <rolf@suse.de> writes:
Actually to be honest there is no specific reason for the document root of Apache being placed in /usr/local/
Well, i think /usr/local is not the wrong place for the document root. The documents that i place on my local server *are* locally installed stuff after all.
But i think the SuSE should leave this document root as empty as possible and should not place apache stuff there. For example, i think the apache manual shouldn't be placed there for two reasons: Firstly because a distribution should always avoid placing things to /usr/local if possible and secondly not all servers decide to export the apache manual to their clients. (Having a document on the server means the duty to maintain this document, this is already a good reason not having foreign docs like the apache manual on the server.) So i think the apache manual should not be placed in the document root wherever you decide to place the document root.
I'd place the apache manual to /usr/doc/packages/appache/manual/ and set a symlink from /usr/local/httpd/htdocs/manual -> /usr/doc/packages/appache/manual to allow the example page to refer to the manual. Thus after installing one might decide to leave or to delete this link in order to have or to have not the apache manual on the server.
This is definitely a reasonable idea. I will change this in the next major release of SuSE Linux. However I prefer an Alias to a symlink. On Thu, Sep 16, 1999 at 12:50:17PM +1200, Volker Kuhlmann wrote:
I'd place the apache manual to /usr/doc/packages/appache/manual/ and set a symlink from /usr/local/httpd/htdocs/manual -> /usr/doc/packages/appache/manual to allow the example page to refer to the manual.
Sounds like a good idea, anyway. But it's not that simple. Preferably, I would like local documents under /usr/local, and the rest of the material that comes with apache out of there - wherever, I don't care. There are a bunch of icons, include headers, and the test page plus associated bla bla. Not sure how to do that though, while keeping in touch with the apache security model.
While we're on the security list, cgi-bin is non-empty. I remember that by some default on some distribution it contained a file with serious security problems?!?
The programs in our cgi-bin should all be harmless. However I will change the permissions in secure and paranoid settings to 000. -- Mit freundlichen Gruessen, Rolf Haberrecker Leiter Business Partner Programm SuSE GmbH, Tel: +49-911-7405331 Schanzaeckerstr. 10, Fax: +49-911-7417755 90443 Nuernberg, Email: rolf@suse.de Germany WWW: http://www.suse.com/