[CentOS] OT: SA/Apache "Best Practice"?

Fri Oct 31 17:32:13 UTC 2008
Camron W. Fox <cwfox at us.fujitsu.com>

Alle,

	Here is our situation:

	Our customer leases their machines from us and contract us to to manage 
them (as far as all systems administration issues). The customer does 
not have root access to any machine (by their own choice, as they want 
us to be responsible if something goes awry).
	In the case of their web servers, we handle all configuration, they 
manage the content. We make changes to the configuration as necessary to 
support their content.
	There is one machine (RHEL5.2) that they are developing on that will 
become a production box. They have sudo access to manage mysql functions 
as well as the apache server.
	They have asked, that we change the default directory
permission/ownership of /var/www/html,cgi-bin, instead of using the
Documentroot and ScriptAlias parameters in the apache configuration.

drwxr-xr-x 2 root root 4096 Jan 11  2008 /var/www/cgi-bin
drwxr-xr-x 2 root root 4096 Jan 11  2008 /var/www/html

to

drwxrwxr-x 2 root user 4096 Jan 11  2008 /var/www/cgi-bin
drwxrwxr-x 2 root user 4096 Jan 11  2008 /var/www/html

	We have explained that it is preferable *not* to modify the default 
filesystem configuration of the underlying OS and have recommended that 
they customize the app by specifying a location of their choice in 
httpd.conf. They argue that they "just want to use the system default 
location". There is no *technical* reason for this, according to them. 
The location does not affect the app.
	None of the other web servers we manage for them use the RHEL apache 
default, they all have customized locations for content and scripts.

	My question is:

	What argument, if any, would you use to try and convince the customer 
that this is a bad idea/bad practice?

Best Regards,
Camron

-- 
Camron W. Fox
Hilo Office
High Performance Computing Group
Fujitsu Management Services of America, Inc.
E-mail:		cwfox at us.fujitsu.com
Phone:		(808) 934-4102
Cell:		(808) 937-5026