[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FHS and /var/www

On Mon, Jul 21, 2008 at 01:14:05AM +0100, Stephen Gran wrote:
> This one time, at band camp, Steve Langasek said:
> > On Sun, Jul 20, 2008 at 06:58:09PM +0100, Stephen Gran wrote:
> > > > So you "vote" for an exemption from FSH in this case, as per
> > > > 9.1.1?

> > > http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM

> > > "Therefore, no program should rely on a specific subdirectory
> > > structure of /srv existing or data necessarily being stored in /srv.

> > I think it's perfectly in keeping with other parts of policy to ship
> > our webservers with /srv/www as the default webroot, and leave it up
> > to the administrator to symlink web applications into that root to
> > enable them (or change the web root, or use aliases, etc).  In
> > particular, Policy 11.5.4 says that web applications should avoid
> > storing files in the web document root if possible.

> So you think it's a good idea to ignore the the sentence above?

No, I don't think that using it as a default webroot is "rely[ing] on a
specific subdirectory structure of /srv existing or data necessarily being
stored in /srv", because the web server can be reconfigured to look
elsewhere.

> I agree that it's a bad idea for applications to store things under the
> webroot in general, but that's a seperate issue altogether to changing
> what the default webroot points to.  If we could keep the seperate issues
> seperate for the moment, I think it would be helpful.

If your objection to using /srv/www as the default web root isn't about
applications storing files there, then why do you object to it?  Is it
because it would be "wildly inappropriate" on your systems?

> a) applications installing random files under web root - bad
> b) Changing httpds to ship a web root that either doesn't exist or would
>    be wildly inappropriate on every system I admin - also bad.

Does "wildly inappropriate" mean that shipping such a default would
incorrectly expose data to the network that wasn't meant to be exposed?

> Doing the change you recommend also has the downside of guaranteeing
> that no web application that has to ship files under the web root can
> work out of the box.  Admittedly these applications are probably silly,
> but not currently buggy.

Well, I consider that an upside rather than a downside; I don't think
there's any excuse for a package enabling a web app by default, and would be
happy to see such packages declared buggy - which I agree could be handled
separately from /srv/www.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
Reply to: