Re: suEXEC with mod_userdir
On Thu, Mar 12, 2009 at 9:11 PM, Thomas Goirand <firstname.lastname@example.org> wrote:
> Marc Aymerich wrote:
>> Hi Thomas!
>> Thanks for your recommendation. We have considered using DTC control
>> panel in our servers, but the structure of DTC is not compatible with
>> our system. We have 3 virtualized servers, for web, mail and mysql,
each of these servers mounts a different disk partition from a SAN
>> server, and DTC stores web and mail in the user home directory, so we
>> have no idea how to adapt this to our needs.
> I see absolutely no reasons why you would separate in 3 servers if they
> are all virtualized. If you do that, that is because you don't have
> enough resources on ONE server, there is no reason otherwise.
Yes, the reason why we use multiple servers is that one machine
doesn't support the load, and especially, doesn't have enough memory
in the hours of maximum traffic or when backup is running (we are an
NGO but we have more than 500 domains with up to 1.5TB of traffic per
> Anyway, that would be quite trivial to do so. You'd just have to hack
> the very bottom of the cron job to disable apache in the mail server,
> and mail server in apache, (I don't even talk about DNS replications as
> that part is so trivial ...). Then I guess you would mount /var/www from
> your SAN. That is about it...
>> Is there a way (without rewriting a big part of DTC) to adapt DTC to our system?
> There's no rewrite needed here. Just tweak the cron system, and disable
> the daemons that you don't want.
Ok, sounds great :), we will start testing DTC immediately. My last
question is whether there is some documentation that describes how to
implement DTC with services spread over multiple servers (apart from
because I've found the first little problem just on the first step,
and I believe that we'll find more and more little problems. In Mode
of EXAMPLE: Dependency problems with apt-get install dtc on web
web:/# apt-get install dtc
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting dtc-postfix-courier instead of dtc
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies.
dtc-postfix-courier: Depends: postfix (>= 2.0) but it is not going
to be installed
Depends: postfix-mysql but it is not going to
Depends: postfix-tls (>= 2.0) or
postfix (>= 2.2.10) but it is not
going to be installed
E: Broken packages
>> Anyway, we are still interested in solving the suexec problem.
> Have a try with sbox, you won't regret it. Lincoln D. Stein did a VERY
> good job, I just made things configurable at runtime rather than compile
> time (using the very nice libdotconf). Unlike many apache stuff, you can
> change things in the config file of sbox without restarting your web
> server (as it's only a cgi-bin itself). Here are some examples of changes
> you can do:
> - do_chroot On/Off
> - set_limits On/Off
> - priority
> - maximum CPU time in seconds
> - maximum size of a single file that can be created (blocks)
> - maximum amount of in-memory data
> - maximum stack size
> - maximum memory ("resident set") usage
> - max number of processes script can spawn
> - max number of open file descriptors
> This is really ideal to run ugly Perl cgi-bin scripts.
> By the way, I'd like to find a nice way to build a Perl environment in a
> chroot (I don't need anything else but perl), and for that, I'm quite
> stuck. Best would be a minimal environment that allows to use CPAN to
> add some modules. I often end up copying WAY too many things, and I'd
> like to know if any of you know a good way to have something really
> minimal, and set up in a nice (clean) way.
Sounds good, and even more so if we use DTC.
Thank you very much for everything!!
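
The per-script limits listed in the quoted sbox description map onto standard POSIX calls that a CGI wrapper makes in the child process before it executes the script. The following is an added example, not sbox's code and not part of the original message; the limit values and function names are constructed for illustration, and the chroot step is left out because it needs root.

```c
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed values, one per limit in the list above (not sbox defaults). */
struct cgi_limit { int resource; rlim_t value; };
static const struct cgi_limit LIMITS[] = {
    { RLIMIT_CPU,    10 },                 /* max CPU time, seconds */
    { RLIMIT_FSIZE,  8UL * 1024 * 1024 },  /* max size of one created file (bytes here) */
    { RLIMIT_DATA,   64UL * 1024 * 1024 }, /* max in-memory data */
    { RLIMIT_STACK,  8UL * 1024 * 1024 },  /* max stack size */
    { RLIMIT_RSS,    64UL * 1024 * 1024 }, /* max resident set (advisory on modern Linux) */
    { RLIMIT_NPROC,  16 },                 /* max processes the script can spawn */
    { RLIMIT_NOFILE, 32 },                 /* max open file descriptors */
};
#define NLIMITS (sizeof LIMITS / sizeof LIMITS[0])
#define CGI_NICE 10                        /* constructed priority (nice value) */

/* Set soft == hard so the script cannot raise a limit back; returns count or -1. */
static int apply_cgi_limits(void)
{
    for (unsigned i = 0; i < NLIMITS; i++) {
        struct rlimit cur, want;
        if (getrlimit(LIMITS[i].resource, &cur) != 0) return -1;
        want.rlim_cur = want.rlim_max = LIMITS[i].value;
        /* An unprivileged wrapper may only lower the hard limit, never raise it. */
        if (cur.rlim_max != RLIM_INFINITY && want.rlim_max > cur.rlim_max)
            want.rlim_cur = want.rlim_max = cur.rlim_max;
        if (setrlimit(LIMITS[i].resource, &want) != 0) return -1;
        if (getrlimit(LIMITS[i].resource, &cur) != 0 || cur.rlim_max != want.rlim_max) return -1;
    }
    if (getpriority(PRIO_PROCESS, 0) < CGI_NICE && setpriority(PRIO_PROCESS, 0, CGI_NICE) != 0)
        return -1;
    return (int)NLIMITS;
}

/* Apply the limits in a forked child, where execve() of the script would follow. */
int limits_applied_in_child(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(apply_cgi_limits() == (int)NLIMITS ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? (int)NLIMITS : -1;
}

int main(void) { return limits_applied_in_child() == (int)NLIMITS ? 0 : 1; }
```

Limits set this way are inherited across execve(), so they have to be in place before the script is started, and lowering the hard limit is what prevents the script from undoing them.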