[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: common, FHS-compliant, default document root for the various web servers

Stefano Zacchiroli wrote:
[ adding -policy to Cc: ]

On Wed, Nov 04, 2009 at 04:08:02PM +0100, Holger Levsen wrote:
Uhm, why postpone this so long? I'd hope we could find a consensus quite soon. Then, we might not be able to fix _all_ web apps until squeeze, but at least tthose few with dir-or-file-in-var-www :-)

I see it a tad more complicate than you, let's hope its me
overestimating the task :-)

- the agreement actually should not come among web app maintainers, but
  rather among web *server* maintainers: they should agree over a
  specific dir and change the default configuration of the web server so
  that that dir is the document root (for the default vhost, for web
  servers supporting vhosts)

  * possibly, migrating to that would require offering migration paths
    to package users

- then you might start migrating web apps packages so that they install
  (static) stuff under that dir, preserving the per-package path as
  detailed in the webapps-common policy

- then, the rule should go into policy (possibly under §9.1.1, has an
  exception to FHS, not sure about the section though) and that can't
  happen before due to the usual practice-should-predate-policy

Personally I would like to have a competently different approach:

- web server ask where to put the root (probably proposing default
  a /srv/www location).  But not further assumption about the location.
  Admins, per FHS, could choose other paths.

  This could be done by a new update-http-root application.
  (and ev. could handle multiple vhost).
  And possibly allowing no public location (thus forcing local only
  connections): we tend to forget about this, but IMHO more and more
  desktop computers are installed with webserver because of local
  convenience. Thus we really need to securely support this common

- No webapp are installed "live" by default:

  We have too much crap web application, and some/most of our users
  don't realize that they are installing a public accessible crap.
  [the desktop users]

  Thus IMHO we need a "update-webappl" utility, which would
  list, ask and ev. install the just installed webapplication.

  This is not so far as the installation of apache modules, which
  ask for which apache (apache/apache2/apache2-ssl/...) to enable
  modules. We just list the possible web root.

  Naturally admins can skip this point (e.g. not allowing debian
  to handle webappl, but doing manually).

  Probably a webserver-specific support script will handle the
  generation of symlink (default) or via configuration (webserver
  specific) of the /usr/lib/cgi or /usr/share/* dir.

In short:

- no hardcoded default root location (only a default value for a
  real user question)
- not installing by default (without asking) web apps.


PS: first mail in debian-policy, so maybe I missed the point of
the discussion (which take place in the other mailing lists)

Reply to: