Re: [sheflug] Apache, shtml and php config. problem
Alex Hudson wrote:
> On Mon, 2006-08-14 at 10:57 +0100, Lesley Binks wrote:
>> Just for what it's worth (which probably isn't very much) I don't
>> believe in this 'thou shalt not edit the config files' vein of thought
>> at all.
>
> Well, just so people understand the reasoning behind this - it's not
> particularly dogmatic.
>
> If you're compiling your own Apache, you're pretty much free to do what
> you want. If you're using a packaged Apache, though, it's best to stick
> to how it's supposed to be done. A number of the configuration files
> either come with the package, or are edited by machine.
I would suggest that most of the generic config files that come with a
package are precisely that - generic - and need to be checked against
requirements for the task at hand.
>
> So, for example, if you install PHP, it will automatically set itself up
> in Apache. If you upgrade Apache, it will automatically install the new
> configuration (new mime types, for example). If you install phpmyadmin,
> or a similar web-app, it will install its own configuration file and
> set itself up. It can do this because of the layout of the configuration
> files.
>
> Now, if you edit the configuration files, the packaging system will
> notice, and it will leave Apache's config alone - it realises that
> you've touched the files and doesn't want to destroy your edits.
> However, that does mean that you miss out on the good stuff in newer
> versions of the package - you then have to do everything manually,
> rather than have it done for you, and that usually leads to mistakes and
> broken configuration.
>
I'd find this approach smells of FUD factoring tbh and I have real
difficulty with the 'this has been made by machine and therefore must be
appropriate' stance. Apache since 2.0 has modularised the config files
it needs so, if you don't already have a phpMyAdmin install then the
phpMyAdmin file can be left in the relevant directory. Surely it's then
up to you to check that phpMyAdmin config is adequate for your needs and
include it in the configuration? Or do you just assume that everything
that comes straight from the factory fits your requirements?

The variety of packaging systems available may or may not be able to
handle local edits to configs - but if they do register local edits and
refrain from updating your config files then they usually say so and
they should put the standard config files somewhere sensible (like
/usr/share/doc/packages/ ) for reference and upgradeability.

And there are plenty of BSDers out there and server admins that think a
non-chrooted Apache is the spawn of the devil. I have played with
Debian, SuSE, Mandriva and Ubuntu and not seen any of these chroot Apache.
>> I tried Ubuntu early on, it's nice enough but I port scanned the box and
>> found an open port < 1024. Posted somewhere on an ubuntu list and they
>> said 'they needed this port open for things they had to do'.
>
> Do you remember what this port is?
Well it was warty which I believe is some time ago and I think it was
either 732 or 736. I am sure it was 73x but can't recall whether it was
732 or 736 now.

If they'd said oh we left that port open to do xyz, even if I didn't
know what xyz was or didn't agree with it I'd have been happier. As it
was I decided it was a no-no based on their response which indicated to
me that they thought they were entitled to restrict my direct access to
the root account on one of my machines, run a process with an open port
and not tell me what they were doing with it.
>
> I don't want to say you're wrong, but by default Ubuntu ships with no
> ports open at all, let alone < 1024. The only thing which is possibly
> available is a UDP port when you've configured your network via DHCP -
> and plainly you can't have a DHCP network unless you listen to DHCP
> requests ;)
>
Have you portscanned a fresh install of Ubuntu?
> In this regard, ubuntu is substantially "better" (for whatever value you
> place on having no ports open) than most other distributions.
>
I don't particularly see Ubuntu as better than any other distro tbh.
Regards
L.
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.
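
An added example, not part of the original thread: one way to settle the "which ports does a fresh install open, and who owns them" question from the machine itself is to read the kernel's socket table and list TCP listeners on ports below 1024 with their owning processes. The sample table, its inode numbers and the use of port 732 in it are constructed for illustration, and the function names are hypothetical.

```python
import glob
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout; not captured from any real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:02DC 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333 1
   3: 0F00000A:0016 0200000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1
"""
TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def privileged_listeners(text, include_loopback=False):
    """Return listening TCP sockets on ports below 1024, sorted by port."""
    findings = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue  # malformed row, or not a listener (e.g. an established session)
        hex_ip, hex_port = fields[1].split(":")
        port = int(hex_port, 16)
        # Address is a host-order 32-bit word; "<I" assumes a little-endian machine.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        if port >= 1024 or (ip.startswith("127.") and not include_loopback):
            continue
        findings.append({"ip": ip, "port": port, "uid": int(fields[7]), "inode": int(fields[9])})
    return sorted(findings, key=lambda f: f["port"])


def owning_pids(inode):
    """PIDs holding the socket with this inode (root is needed to see other users' fds)."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:
            continue  # process exited or permission denied
    return sorted(pids)


if __name__ == "__main__":
    for f in privileged_listeners(SAMPLE_PROC_NET_TCP):
        print(f"{f['ip']}:{f['port']} uid={f['uid']} pids={owning_pids(f['inode'])}")
```

On a live Linux host, pass the contents of /proc/net/tcp instead of the sample; this covers IPv4 TCP only, so UDP and IPv6 listeners need the corresponding /proc/net tables.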