Michael Olson <[EMAIL PROTECTED]> wrote: > Adam Chlipala <[EMAIL PROTECTED]> writes: >> There's also the issue of how we're going to handle AFS ticket >> grabbing for CGI and PHP programs run by Apache. Suggestions >> welcome, though my understanding is that mwolson is in charge of >> this now and looking into it. > > I'd like to hear what cclausen has to say about this. For now, here > are my recommendations. > > Based on the changes we had to make for Exim, the best thing would > probably to make deleuze's apache work with some generic AFS ticket > and a thread-based Apache.
Apache should be running with tokens now. Hmm... someone should test that k5start is actually stopped when apache is shutdown... > For mire, we would probably want a > non-threaded Apache so that each process can have a user-specific > ticket. Performance would probably be decreased because of lack of a > thread pool, though. Anything threaded in apache WILL cause problems with PHP. PHP just sucks and vast portions of it aren't thread safe. It looks like it'll work, but it WILL break at the most unfortunate times. > As for how to acquire a per-user ticket, I would have to peruse the > Apache documentation further before suggesting anything. I don't think its going to be possible to have resonable apache performance and still be able to have apache acquire tickets based on host headers for seperate sites. I'm not sure how many virtual hosts there are, but it might be better to try and run seperate apache daemons for each user's vhosts, depending upon what actually needs to be supported. Certain apps might be better off being setup with proxy_pass and a seperate daemon actually doing the AFS reads / writes. (For the record, some AFS dudes are working on a version of apache that would allow exactly what you describe above: http://www.openafs.org/pipermail/openafs-info/2005-November/020345.html ) I suspect that everything is simply going to have to run with shared creds as the same AFS user or its not going to work at all. (Note that the current apache setup will likely break on suexec, as the tokens are for the www-data user, but that needs to be tested.) If database passwords are a problem, it might be worth setting up some local disk space to allow users to write small files with db passwords that can be included from their code running under suexec. Someone might want to look into seeing how safe the PHP safe_mode really is. Ideally, all system(), exec(), and various other "dangerous" calls should be blocked. <<CDC _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
