Re: Installing writable configuration files for an Apache module.
> I've just finished creating and testing a new package,
> libapache-mod-virgule, this is the module which is behind the
> Advogato.org website.
> The module uses a set of .xml files for it's configuration, and
> for storing user login details - and I'm a little unsure as to
> where they should be installed.
> Currently I create a directory '/var/lib/mod-virgule' and place
> them there. However I do there could be a better location to use
> and I'm open to suggestions.
They should reside in /etc/mod-virgule, and /var/lib/mod-virgule -if you
need it to exist- should either be a symlink or contain symlinks pointing
to the relevant files - Take a look at the policy, 11.7.2:
> One concern is that these files must be writable by the apache
> process - to do that I've installed a new user and group and made
> the directory +S.
> The alternative is to install them nobody:nogroup, which is bad.
> Now obviously anybody with a login shell upon the box can tamper
> with these files - if there's a good solution that I've not thought
> of I'd appreciate hearing of it..
Remember Apache runs with the user and group www-data - If you make them
normal 0644 files owned by www-data:www-data, I think you should be
safe... Unless, of course, you are using www-data for things other than
Apache itself ;-)
Gunnar Wolf - email@example.com - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF