Re: [sheflug] Apache, shtml and php config. problem

[Alex Hudson <home [at] xxxxxxxxxxxxxx>]

On Mon, 2006-08-14 at 20:49 +0100, Lesley Binks wrote:
> I'd find this approach smells of FUD factoring tbh and I have real 
> difficulty with the 'this has been made by machine and therefore must be 
> appropriate' stance. 

You're not following what I said.

The logic isn't "this is created by a machine and therefore
appropriate"; it's "these are files put in place by the package
management system, and my changes are more appropriately made elsewhere
such that the package and the site configuration can happily co-exist".

Leaving the original configuration of character sets, mime types, etc.
doesn't make a whit of difference to the configuration of any particular
site that you setup in Apache - whether you agree with the package
configuration or not, local edits are best made in other files.

As I said, the package system notes local edits, and if you want to do
the manual "I will review all configuration and merge the changes I
think sensible" you can do that - that's how it works automatically. I'm
just pointing out the benefits of allowing the package management system
to do it's job, because there are no drawbacks to that approach.

> And there are plenty of BSDers out there and server admins that think a 
> non-chrooted Apache is the spawn of the devil.  I have played with 
> Debian SuSE Mandriva and Ubuntu and not seen any of these chroot Apache.

They don't do it by default because most web applications don't work
inside a chroot.

Of course, if you want to do it, you 'apt-get install
libapache2-mod-chroot' and then 'a2enmod mod_chroot' - no special setup
required. I'm not sure what this has to do with the topic of managing
configuration files though!

> If they'd said oh we left that port open to do xyz, even if I didn't 
> know what xyz was or didn't agree with it I'd have been happier.  As it 
> was I decided it was a no-no based on their response which indicated to 
> me that they thought they were entitled to restrict my direct access to 
> the root account on one of my machines, run a process with an open port 
> and not tell me what they were doing with it.

I'm not sure who it was exactly you were talking to, but there is no
process open by default on any port like that, and has never been in any
version of ubuntu (I've been running it for quite a while, since before
warty). Certainly that is the case for every released version.

> Have you portscanned a fresh install of Ubuntu?

No, but netstat tells me what's listening and by default, an
installation of Ubuntu doesn't listen on any ports. It's also the Ubuntu
policy to have no open ports by default, no matter how you install.

If Ubuntu did have ports open, it would be well-known by now.

Cheers,

Alex.


___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.