Re: suEXEC witch mod_userdir

To: debian-isp@lists.debian.org
Cc: debian-isp@lists.debian.org
Subject: Re: suEXEC witch mod_userdir
From: Thomas Goirand <thomas@goirand.fr>
Date: Fri, 13 Mar 2009 04:11:28 +0800
Message-id: <[🔎] 49B96C70.9090200@goirand.fr>
In-reply-to: <[🔎] ee5163b50903120353q442a4ff6mc481bd30cbaebc89@mail.gmail.com>
References: <[🔎] ee5163b50903110708y5df7f11cu56e8cafafd0a94e3@mail.gmail.com> <[🔎] 49B80EEF.7080800@goirand.fr> <ee5163b50903120325p3a2252fel7316cece04cc2ca2@mail.gmail.com> <[🔎] ee5163b50903120353q442a4ff6mc481bd30cbaebc89@mail.gmail.com>

Marc Aymerich wrote:
> Hi Thomas!
> 
> Thanks for your recommendation. We have considered using DTC control
> panel in our servers, but the structure of DTC is not compatible with
> our system. We have 3 virtualized servers, for web, mail and mysql,
> each of this servers mounts a different disk partition from a SAN
> server, and DTC stores web and mail in the user home directory, so we
> have no idea how to adapt this to our needs.

I see absolutely no reasons why you would separate in 3 servers if they
are all visualized. If you do that, that is because you don't have
enough resources on ONE server, there is no reason otherwise.

Anyway, that would be quite trivial to do so. You'd just have to hack
the very bottom of the cron job to disable apache in the mail server,
and mail server in apache, (I don't even talk about DNS replications as
that part is so trivial ...). Then I guess you would mount /var/www from
your SAN. That is about it...

> Is there a way (without rewriting a big part of DTC) to adapt DTC to out system?

There's no rewrite needed here. Just tweak the cron system, and disable
the daemons that you don't want.

> Anyway we continue interesting in solve the suexec problem.

Have a try with sbox, you wont regret it. Lincoln D. Stein did a VERY
good job, I just made things configurable at runtime rather than compile
time (using the very nice libdotconf). Unless many apache stuff, you can
change things in the config file of sbox without restarting your web
server (as it's only a cgi-bin itself). Here are some example of changes
you can do:

- do_chroot On/Off
- set_limits On/Off
- priority
- maximum CPU time in seconds
- maximum size of a single file that can be created (blocks)
- maximum amount of in-memory data
- maximum stack size
- maximum memory ("resident set") usage
- max number of processes script can spawn
- max number of open file descriptors

This is really ideal to run ugly Perl cgi-bin scripts.

By the way, I'd like to find a nice way to build a Perl environment in a
chroot (I don't need anything else but perl), and for that, I'm quite
stuck. Best would be a minimal environment that allows to use CPAN to
add some modules. I often end up copying a WAY too much things, and I'd
like to know if any of you know a good way to have something really
minimal, and setup in a nicely (clean) way.

Thomas

Reply to:

Follow-Ups:
- Re: suEXEC witch mod_userdir
  - From: Seth Mattinen <sethm@rollernet.us>
- Re: suEXEC witch mod_userdir
  - From: Marc Aymerich <glicerinu@gmail.com>

References:
- suEXEC witch mod_userdir
  - From: Marc Aymerich <glicerinu@gmail.com>
- Re: suEXEC witch mod_userdir
  - From: Thomas Goirand <thomas@goirand.fr>
- Re: suEXEC witch mod_userdir
  - From: Marc Aymerich <glicerinu@gmail.com>

Prev by Date: Re: suEXEC witch mod_userdir
Next by Date: Re: suEXEC witch mod_userdir
Previous by thread: Re: suEXEC witch mod_userdir
Next by thread: Re: suEXEC witch mod_userdir
Index(es):
- Date
- Thread