[CentOS] Re: OT: SA/Apache "Best Practice"?

Fri Oct 31 18:14:49 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 10-31-2008 10:32 AM Camron W. Fox spake the following:
> Alle,
> 
>     Here is our situation:
> 
>     Our customer leases their machines from us and contracts us to
> manage them (as far as all systems administration issues). The customer
> does not have root access to any machine (by their own choice, as they
> want us to be responsible if something goes awry).
>     In the case of their web servers, we handle all configuration, they
> manage the content. We make changes to the configuration as necessary to
> support their content.
>     There is one machine (RHEL5.2) that they are developing on that will
> become a production box. They have sudo access to manage mysql functions
> as well as the apache server.
>     They have asked that we change the default directory
> permission/ownership of /var/www/html,cgi-bin, instead of using the
> DocumentRoot and ScriptAlias parameters in the apache configuration.
> 
> drwxr-xr-x 2 root root 4096 Jan 11  2008 /var/www/cgi-bin
> drwxr-xr-x 2 root root 4096 Jan 11  2008 /var/www/html
> 
> to
> 
> drwxrwxr-x 2 root user 4096 Jan 11  2008 /var/www/cgi-bin
> drwxrwxr-x 2 root user 4096 Jan 11  2008 /var/www/html
> 
>     We have explained that it is preferable *not* to modify the default
> filesystem configuration of the underlying OS and have recommended that
> they customize the app by specifying a location of their choice in
> httpd.conf. They argue that they "just want to use the system default
> location". There is no *technical* reason for this, according to them.
> The location does not affect the app.
>     None of the other web servers we manage for them use the RHEL apache
> default, they all have customized locations for content and scripts.
> 
>     My question is:
> 
>     What argument, if any, would you use to try and convince the
> customer that this is a bad idea/bad practice?
> 
> Best Regards,
> Camron
> 
Tell them that if they want to make a change like this, then they have to sign
off that THEY will be liable for this system and any damage it might cause. It
may just be a bluff, but it probably won't make it past their legal team if
they have one.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
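
Added example, not part of either message above: a sketch of the alternative Camron describes, with content in a custom location that the customer's group can write to, while /var/www keeps its packaged root:root 755 permissions. The /srv/customer path in the usage comment and the function names are assumptions; the access-control directives use httpd 2.2 syntax, as shipped with RHEL 5.

```shell
#!/bin/sh
# Added example; not from the thread. Paths and function names are assumed.

# Create html/ and cgi-bin/ under a custom root. The directories become
# group-writable for the customer's group, and the setgid bit makes new
# files inherit that group. Run as root, the owner stays root, so only
# group membership grants write access.
stage_content_tree() {
    root=$1
    group=$2
    mkdir -p "$root/html" "$root/cgi-bin" || return 1
    chgrp "$group" "$root/html" "$root/cgi-bin" || return 1
    chmod 2775 "$root/html" "$root/cgi-bin" || return 1
}

# Print the httpd.conf directives that point Apache at the custom root.
# These replace the stock DocumentRoot and ScriptAlias lines in httpd.conf.
emit_httpd_directives() {
    root=$1
    cat <<EOF
DocumentRoot "$root/html"
<Directory "$root/html">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

ScriptAlias /cgi-bin/ "$root/cgi-bin/"
<Directory "$root/cgi-bin">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
EOF
}

# Usage (as root; "user" is the group shown in the listing above):
#   stage_content_tree /srv/customer user
#   emit_httpd_directives /srv/customer   # merge into httpd.conf
#   apachectl configtest
# With SELinux enforcing, content outside /var/www also needs an httpd
# label, e.g. chcon -R -t httpd_sys_content_t /srv/customer/html
```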
