Joel Rees wrote:
> I wonder whether we could design a set of default update calls for
> such a system. It's a project to keep on the back burner, I suppose.

Interesting ideas. When I read your description two different ideas
in different directions came to my mind.

One was Linux containers. Interesting posting concerning lxc on Debian:

  http://lists.alioth.debian.org/pipermail/freedombox-discuss/2013-February/005097.html

The other idea was GNU stow.

  https://www.gnu.org/software/stow/manual/stow.html#Introduction

And here is an article about using it.

  http://brandon.invergo.net/news/2012-05-26-using-gnu-stow-to-manage-your-dotfiles.html

I don't know exactly what you are thinking about but perhaps something
in one of the above will spark an idea along the way.

> I think the point is that certain configuration files could well be
> owned by a special purpose user.
>
> Say I'm building a content-management system called "zerostone" and it
> provides a web-facing configuration mechanism. I'd set it up so that
> the user "admst0ne" owned the configuration files that could be
> accessed from the web, and the server that provides access to the
> configuration files would maybe run as admst0ne.

Seems reasonable. Again something popped into my mind as I read this.
I immediately envisioned an nginx frontend running normally. (Normally
with reverse proxies configured.) Then setting up an additional nginx
server running as your admst0ne user to run on the client end of the
reverse proxy with its own dedicated document root. Configure the main
frontend nginx to reverse proxy to the dedicated backend nginx. Each
is lightweight. Each would be able to access what it could access and
each would have OS level security blocking it from accessing other
files. It would compartmentalize things nicely.

It is just an idea... I don't know how well it would play with your
vision of things.

> The non-web-facing configuration files would be owned by "zishi", and
> all human users who are allowed to log in to a regular shell and edit
> the configuration files would be members of the "zishi" group, or be
> allowed to sudo to "zishi" by rules in the /etc/sudoers.d directory.

Seems reasonable.

> Or something like that.
>
> Purely hypothetical, of course. :-)

Time will tell!

Bob
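An added example, not part of the original message: a sketch of the two-nginx layout described above, with a backend instance started directly as admst0ne behind the main frontend. The file paths, port 8081 and the /zerostone-admin/ URL prefix are assumptions chosen for illustration.

```nginx
# --- Backend instance: its own config file (hypothetical path:
# /etc/zerostone/nginx-admin.conf), started as the admst0ne user, not root.
# Every path this instance writes to must be writable by admst0ne.
pid       /var/lib/zerostone-admin/nginx.pid;
error_log /var/lib/zerostone-admin/error.log;

events {}

http {
    access_log            /var/lib/zerostone-admin/access.log;
    # The default temp paths are usually not writable by admst0ne.
    # /var/lib/zerostone-admin/tmp must already exist and be owned by admst0ne.
    client_body_temp_path /var/lib/zerostone-admin/tmp/body;
    proxy_temp_path       /var/lib/zerostone-admin/tmp/proxy;
    fastcgi_temp_path     /var/lib/zerostone-admin/tmp/fastcgi;
    uwsgi_temp_path       /var/lib/zerostone-admin/tmp/uwsgi;
    scgi_temp_path        /var/lib/zerostone-admin/tmp/scgi;

    server {
        # Loopback only, unprivileged port: clients arrive via the frontend.
        listen 127.0.0.1:8081;
        # Dedicated document root; file permissions decide what admst0ne
        # can read here and keep it out of everything else.
        root   /srv/zerostone/admin-root;
    }
}

# --- Frontend instance: goes inside the existing server { } block of the
# main nginx configuration (a separate file from the one above).
location /zerostone-admin/ {
    # The trailing slash maps /zerostone-admin/x to /x on the backend.
    proxy_pass       http://127.0.0.1:8081/;
    proxy_set_header Host            $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
```

Any local process can connect to 127.0.0.1:8081, so the backend still has to be treated as reachable by every account on the host. Listening on a Unix-domain socket inside a directory that only the frontend's user can enter narrows that.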