On Mon, Apr 09, 2007 at 04:43:55PM -0700, Adam Chlipala wrote:
> Domtool sets up Apache to log to AFS. See ~adamc/apache for an example
> of the directory layout and permissions.
>
> Right now, Domtool expects these 'apache' directories to be
> subdirectories of users' home directories. I set this convention back
> when we weren't giving users write permissions on their home volumes,
> but rather doing this for 'home' subdirectories. Since we've reversed
> this decision, it's important that Apache logs go somewhere that users
> don't have write access to. This is because deleting a virtual host's
> log directory will lead to Apache encountering a file-not-found error
> when it goes to open the logs, stopping Apache from starting up.
>
> Following the way we're handling databases, I'm guessing that the
> consensus will be that Apache logs should get their own per-user
> volumes, and that these volumes will be created by adduser. Does that
> sound like the right thing to do?

I'll do a quick test on permissions and let you know.

If we set the log directory owned by www-data (or something which != user), I want to see if it will "cancel" the implicit permissions that user has by being the owner of the top-level dir. If yes, then we can just, as said, chown the log directory to != user. If not, then yes, creating separate volumes will be the way to go.

As I already said before, whatever we choose now won't be much of a problem if we want to change it later. I have an impression that any AFS changes, while maybe annoying and repetitive to do by hand, are easy to do with a shell script at any point in time.

> This log directory business is the last remnant that I can think of of
> the old AFS conventions with /afs/hcoop.net/usr/USER/home home
> directories. Has anyone else spotted any others?

I haven't seen any problems.

-doc

_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
