User Tools

Site Tools


system:balug_webserver

BALUG webserver

The care and feeding of the BALUG webserver (on this host system).

  • The BALUG webserver should not interfere with other webserver(s) or other non-BALUG services on the host (and vice versa)
  • To avoid accidentally shutting down, signaling, etc. the incorrect webserver or web services, use the proper -balug commands/pathnames/scripts, e.g. for most normal operations one should only need to use:
    • /etc/rc.d/init.d/httpd-balug (with relevant argument(s))
    • /usr/local/sbin/*-balug* (but the above should generally be used instead)
    • FAILURE TO USE THE COMMANDS NOTED ABOVE MAY CLOBBER THE WRONG WEBSERVER OR WEB SERVICES
  • Along those non-interference regards, the BALUG webserver should only use its designated IP address(es) - see: IP Addresses
  • The BALUG webserver runs using user:group balugwww:balugwww. Note that for security reasons, to the extent feasible (and as appropriate), user balugwww and group balugwww should not have access to alter any content on the host or have any special privileges on the host. Note that it may be permissible for user balugwww or group balugwww to alter content only where that is explicitly desired (e.g. perhaps certain wiki pages). Note also that in general, user balugwww or group balugwww needs read access to web content to be served (generally read access on files, and read and "execute"(/search) on directories and ancestor directories).
  • to the extent feasible (we're not there yet) and where there isn't a conflicting security reason, it should be made feasible for non-superuser (i.e. other than user "root") to be able to alter BALUG web content (e.g. via suitable ID(s) and/or group(s) - such as user and/or group balug).
  • Note that version control (RCS) has been put in place for at least some key file(s), it should be appropriately used to track changes and note the reason(s) why change(s) were made. It is also generally advisable to preserve mtimes, e.g.:
    # ci -d -l -M file
system/balug_webserver.txt · Last modified: 2007-05-28T08:50:06+0000 by 198.144.194.236