[thelist] Site Root & Document Root
cache at dowebs.com
cache at dowebs.com
Tue Jul 3 15:44:59 CDT 2001
On 3 Jul 2001, at 19:52, Marcus J. Coles wrote:
> ie my usual local directory structure is ...
>
> /sites/somesite.com/site
> and
> /sites/somesite.com/source
>
> if I log onto(ftp) my usual server (cobalt unix raq)
>
> the structure is
> /site101/logs
> /site101/users
> /site101/web <<< this being the document root
>
Why can't you download "web/" skipping the site/101/ level?
I develop locally on Apache inside htdocs. My local url
http://localhost/websitepad/web/ therefore corresponds to
http://websitepad.com/ and I do my downloads from /web/ from the
RaQserver.
You might look into using RaQ's built-in backup for downloads
since it only moves modified files.
If you are FTPing into your RaQ and are at the site101 level you are
logging in as the serverAdmin since by design the siteAdmin
cannot get to the site101 level. If you are also uploading as the
serverAdmin you may be creating a security problem if you are not
the only user who will ever be on your RaQ server. CGIs on a Raq
run under CGIWrap and run under the name of their owner (the user
who uploaded the file). If you upload as serverAdmin to site101 and
site102, any CGI in site102 will have full access to all files in
site101. If you are not the only user on your RaQ, you should be
uploading/downloading as the siteAdmin to avoid this problem.
> the reason being that I store web based logins/details/conf files in
> the site root folder so that it is not web browsable
If you store logins etc outside the /web/ folder I would think you
may want to download them too so you have them available for
offline processing. If you shy from moving them across an insecure
connection email me off list and I can point you to an SSH server
and slick SSH FTP client for your RaQ.
On the otherhand, on a RaQ I never store data outside the /web/
since it is SO easy to store them even more securely inside the
domain path. Since CGI runs as the siteAdmin under CGIWrap a
CGI can read/write any file with 0600 permissions (a CGI can also
execute with only 0700 permissions). This cannot be done on non-
CGIWrap machines where CGI runs as nobody and requires 0666
to read/write a file. With 0600 no one can read the file except the
siteAdmin and the site's CGI, no one not even the serverAdmin. If
you use 0666 to store files outside the domain path on a RaQ
those files can be accessed by the serverAdmin, not a good thing if
the serverAdmin is different from the siteAdmin.
If you are unfamiliar with CGIWrap and how it makes the RaQ a
different, and in my view, a superiour machine to a regular *nix box,
subscribe to http://list.cobalt.com/mailman/listinfo/cobalt-users/
If you can ignore the constant flame wars and superior-than-thou
attitude of the unix-admin people there it's a great list.
keith
More information about the thelist
mailing list