[thelist] Site Root & Document Root

cache at dowebs.com
Tue Jul 3 15:44:59 CDT 2001


On 3 Jul 2001, at 19:52, Marcus J. Coles wrote:

> i.e. my usual local directory structure is ...
> 
> /sites/somesite.com/site
> and
> /sites/somesite.com/source
> 
> if I log onto (ftp) my usual server (Cobalt Unix RaQ)
> 
> the structure is
> /site101/logs
> /site101/users
> /site101/web  <<< this being the document root
>

Why can't you download "web/" skipping the site101/ level?

I develop locally on Apache inside htdocs. My local URL 
http://localhost/websitepad/web/ therefore corresponds to 
http://websitepad.com/ and I do my downloads from /web/ from the 
RaQ server. 

You might look into using RaQ's built-in backup for downloads 
since it only moves modified files.

If you are FTPing into your RaQ and are at the site101 level you are 
logging in as the serverAdmin since by design the siteAdmin 
cannot get to the site101 level. If you are also uploading as the 
serverAdmin you may be creating a security problem if you are not 
the only user who will ever be on your RaQ server. CGIs on a RaQ 
run under CGIWrap and run under the name of their owner (the user 
who uploaded the file). If you upload as serverAdmin to site101 and 
site102, any CGI in site102 will have full access to all files in 
site101. If you are not the only user on your RaQ, you should be 
uploading/downloading as the siteAdmin to avoid this problem. 

> the reason being that I store web based logins/details/conf files in
> the site root folder so that it is not web browsable

If you store logins etc. outside the /web/ folder I would think you 
may want to download them too so you have them available for 
offline processing. If you shy from moving them across an insecure 
connection, email me off list and I can point you to an SSH server 
and slick SSH FTP client for your RaQ. 

On the other hand, on a RaQ I never store data outside the /web/ 
since it is SO easy to store them even more securely inside the 
domain path. Since CGI runs as the siteAdmin under CGIWrap, a 
CGI can read/write any file with 0600 permissions (a CGI can also 
execute with only 0700 permissions). This cannot be done on 
non-CGIWrap machines where CGI runs as nobody and requires 0666 
to read/write a file. With 0600 no one can read the file except the 
siteAdmin and the site's CGI, no one, not even the serverAdmin. If 
you use 0666 to store files outside the domain path on a RaQ, 
those files can be accessed by the serverAdmin, not a good thing if 
the serverAdmin is different from the siteAdmin.

If you are unfamiliar with CGIWrap and how it makes the RaQ a 
different, and in my view, a superior machine to a regular *nix box, 
subscribe to http://list.cobalt.com/mailman/listinfo/cobalt-users/
If you can ignore the constant flame wars and superior-than-thou 
attitude of the unix-admin people there, it's a great list.

keith
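
Added example, not part of the original post: a small audit for the two conditions the message describes, a user who owns files in more than one site directory and data files whose mode is wider than 0600. The function names, the suffix list and the directory passed on the command line are assumptions made for illustration.

```python
import os
import stat
import sys
from collections import defaultdict

# Assumption: data files are recognised by suffix; adjust to your own naming.
PRIVATE_SUFFIXES = (".conf", ".dat")

def scan_sites(root, private_suffixes=PRIVATE_SUFFIXES):
    """Scan <root>/<site>/... and return (owners, loose).

    owners: uid -> set of site directory names where that uid owns a file
    loose:  (path, mode) for private data files with any group/other bit set
    """
    owners = defaultdict(set)
    loose = []
    for site in sorted(os.listdir(root)):
        site_dir = os.path.join(root, site)
        if not os.path.isdir(site_dir):
            continue
        for dirpath, _dirs, files in os.walk(site_dir):
            for name in sorted(files):
                path = os.path.join(dirpath, name)
                st = os.lstat(path)  # lstat: do not follow symlinks out of the site
                if not stat.S_ISREG(st.st_mode):
                    continue
                owners[st.st_uid].add(site)
                mode = stat.S_IMODE(st.st_mode)
                if name.endswith(private_suffixes) and mode & 0o077:
                    loose.append((path, mode))
    return owners, loose

def cross_site_owners(owners):
    """Uids that own files in more than one site. Where CGIs run as their
    file owner, a CGI owned by such a uid can reach every one of those sites."""
    return {uid: sorted(sites) for uid, sites in owners.items() if len(sites) > 1}

if __name__ == "__main__":
    owners, loose = scan_sites(sys.argv[1])  # directory holding site101, site102, ...
    for uid, sites in cross_site_owners(owners).items():
        print(f"uid {uid} owns files in: {', '.join(sites)}")
    for path, mode in loose:
        print(f"{mode:04o} {path}: not owner-only (expected 0600)")
```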



