[CentOS] Re: OT: SA/Apache "Best Practice"?
Scott Silva
ssilva at sgvwater.com
Fri Oct 31 18:14:49 UTC 2008
on 10-31-2008 10:32 AM Camron W. Fox spake the following:
> Alle,
>
> Here is our situation:
>
> Our customer leases their machines from us and contract us to to
> manage them (as far as all systems administration issues). The customer
> does not have root access to any machine (by their own choice, as they
> want us to be responsible if something goes awry).
> In the case of their web servers, we handle all configuration, they
> manage the content. We make changes to the configuration as necessary to
> support their content.
> There is one machine (RHEL5.2) that they are developing on that will
> become a production box. They have sudo access to manage mysql functions
> as well as the apache server.
> They have asked, that we change the default directory
> permission/ownership of /var/www/html,cgi-bin, instead of using the
> Documentroot and ScriptAlias parameters in the apache configuration.
>
> drwxr-xr-x 2 root root 4096 Jan 11 2008 /var/www/cgi-bin
> drwxr-xr-x 2 root root 4096 Jan 11 2008 /var/www/html
>
> to
>
> drwxrwxr-x 2 root user 4096 Jan 11 2008 /var/www/cgi-bin
> drwxrwxr-x 2 root user 4096 Jan 11 2008 /var/www/html
>
> We have explained that it is preferable *not* to modify the default
> filesystem configuration of the underlying OS and have recommended that
> they customize the app by specifying a location of their choice in
> httpd.conf. They argue that they "just want to use the system default
> location". There is no *technical* reason for this, according to them.
> The location does not affect the app.
> None of the other web servers we manage for them use the RHEL apache
> default, they all have customized locations for content and scripts.
>
> My question is:
>
> What argument, if any, would you use to try and convince the
> customer that this is a bad idea/bad practice?
>
> Best Regards,
> Camron
>
Tell them that if they want to make a change like this, then they have to sign
off that THEY will be liable for this system and any damage it might cause. It
may just be a bluff, but it probably won't make it past their legal team if
they have one.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20081031/114452ed/attachment.sig>
More information about the CentOS
mailing list