on 10-31-2008 10:32 AM Camron W. Fox spake the following: > Alle, > > Here is our situation: > > Our customer leases their machines from us and contract us to to > manage them (as far as all systems administration issues). The customer > does not have root access to any machine (by their own choice, as they > want us to be responsible if something goes awry). > In the case of their web servers, we handle all configuration, they > manage the content. We make changes to the configuration as necessary to > support their content. > There is one machine (RHEL5.2) that they are developing on that will > become a production box. They have sudo access to manage mysql functions > as well as the apache server. > They have asked, that we change the default directory > permission/ownership of /var/www/html,cgi-bin, instead of using the > Documentroot and ScriptAlias parameters in the apache configuration. > > drwxr-xr-x 2 root root 4096 Jan 11 2008 /var/www/cgi-bin > drwxr-xr-x 2 root root 4096 Jan 11 2008 /var/www/html > > to > > drwxrwxr-x 2 root user 4096 Jan 11 2008 /var/www/cgi-bin > drwxrwxr-x 2 root user 4096 Jan 11 2008 /var/www/html > > We have explained that it is preferable *not* to modify the default > filesystem configuration of the underlying OS and have recommended that > they customize the app by specifying a location of their choice in > httpd.conf. They argue that they "just want to use the system default > location". There is no *technical* reason for this, according to them. > The location does not affect the app. > None of the other web servers we manage for them use the RHEL apache > default, they all have customized locations for content and scripts. > > My question is: > > What argument, if any, would you use to try and convince the > customer that this is a bad idea/bad practice? > > Best Regards, > Camron > Tell them that if they want to make a change like this, then they have to sign off that THEY will be liable for this system and any damage it might cause. It may just be a bluff, but it probably won't make it past their legal team if they have one. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20081031/114452ed/attachment-0005.sig>