Re: NFS and apache...
2007/5/30, Jonathan Horne <[EMAIL PROTECTED]>: On Wednesday 30 May 2007 17:45:42 Agus wrote: > 2007/5/30, Christopher Hilton <[EMAIL PROTECTED]>: > > Erik Norgaard wrote: > > >> How can i do this? I am trying but im getting permission > > >> denied...while trying to create a file... > > > > > > NFS is insecure (No File Security) since there is no authentication. > > > You get access with the user id of your current user. > > > > I didn't want to touch the security problems with this as I assumed that > > the original poster knows about them. Just the same I'm assuming that > > webserver:/etc/exports has a line like: > > > > /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17 > > > > which would tighten down the mount to just the one machine. As a > > developer, without even looking at security I think that direct access > > to the webroot tree is a bad idea. However I'm giving the original > > poster the benefit of the doubt. Perhaps he's just trying to learn HTML > > and PHP. > > > > [snip] > > > > > One security measure is implemented though: root user on client is > > > treated as nobody on the server. There is an option you can add to the > > > exports file (forgot which), to override this see the exports manpage. > > > > > >> Also if you have a different solution for updating the site..they are > > >> welcome.. > > > > > > Unless you have problems with diskspace, why not just use rsync? Do it > > > manually and you get time to correct blunders before they become > > > public, or do it as a cronjob. > > > > rsync > > scp, > > dav, > > *** cvs *** > > > > When I work on a website I tend to start with the site directory in cvs > > to protect me from the damage caused by fat fingers. I'm an old C > > programmer and CVS and Make are tools that I'm used to so I usually add > > a really simple make file to the web tree... > > > > * Typical Makefile for web project * > > -- cut from here -- > > > > update: > > cvs -PAd . > > > > MYWEBUSER = www > > MYHOST =webserver.example.com > > MYWEBROOT = /usr/local/www/data/webserver.example.com/ > > > > publish: > > rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT) > > > > -- to here -- > > > > Then running: > > > > $ make update > > > > on the webserver from within the webtree will refresh the site from the > > latest copy in CVS. In my opinion this is the best way because with a > > little CVS knowledge you can back out any mistakes. This is also nice > > since it only depends on the ability for both your development machine > > and webserver to be able to reach the cvs server. A final nicety is that > > there are CVS clients for FreeBSD, Windows, and Mac OS X. On the > > downside you do have to setup a cvs server. > > > > Add a little magic with ssh-keygen and the command: > > > > $ make publish > > > > will push the current state of the web project, N.B. whatever it may be, > > onto the webserver. This is a lower overhead way of publishing that has > > the danger of no fallback position in case something is screwed up. > > Honestly I think that the publish tag is better used for testing than > > production but not every is willing to go to the overhead of using > > revision control (CVS, SVN, what have you) on this stuff. > > > > -- Chris > > > > -- > >__o "All I was doing was trying to get home from work." > > _`\<,_ -Rosa Parks > > ___(*)/_(*)___ > > Christopher Sean Hilton > > pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 > > Great.thanks a lot guysyou've been very kind. > I will begin reading about rsync and CVS thenit also seems a lot more > interesting than NFS > > Thanks again... > Greetz > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" im a kde user, and i like to access my web server via sftp using the konqueror file manager. just open your home, open another tab, put in sftp://yourserver in the address bar... and drag and drop the files where they go! -- Jonathan Horne http://dfwlpiki.dfwlp.org [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " [EMAIL PROTECTED]" Greatthat should be easy..jajathanksvery simple and practical great tip, greetz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: NFS and apache...
On Wednesday 30 May 2007 17:45:42 Agus wrote: > 2007/5/30, Christopher Hilton <[EMAIL PROTECTED]>: > > Erik Norgaard wrote: > > >> How can i do this? I am trying but im getting permission > > >> denied...while trying to create a file... > > > > > > NFS is insecure (No File Security) since there is no authentication. > > > You get access with the user id of your current user. > > > > I didn't want to touch the security problems with this as I assumed that > > the original poster knows about them. Just the same I'm assuming that > > webserver:/etc/exports has a line like: > > > > /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17 > > > > which would tighten down the mount to just the one machine. As a > > developer, without even looking at security I think that direct access > > to the webroot tree is a bad idea. However I'm giving the original > > poster the benefit of the doubt. Perhaps he's just trying to learn HTML > > and PHP. > > > > [snip] > > > > > One security measure is implemented though: root user on client is > > > treated as nobody on the server. There is an option you can add to the > > > exports file (forgot which), to override this see the exports manpage. > > > > > >> Also if you have a different solution for updating the site..they are > > >> welcome.. > > > > > > Unless you have problems with diskspace, why not just use rsync? Do it > > > manually and you get time to correct blunders before they become > > > public, or do it as a cronjob. > > > > rsync > > scp, > > dav, > > *** cvs *** > > > > When I work on a website I tend to start with the site directory in cvs > > to protect me from the damage caused by fat fingers. I'm an old C > > programmer and CVS and Make are tools that I'm used to so I usually add > > a really simple make file to the web tree... > > > > * Typical Makefile for web project * > > -- cut from here -- > > > > update: > > cvs -PAd . > > > > MYWEBUSER = www > > MYHOST =webserver.example.com > > MYWEBROOT = /usr/local/www/data/webserver.example.com/ > > > > publish: > > rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT) > > > > -- to here -- > > > > Then running: > > > > $ make update > > > > on the webserver from within the webtree will refresh the site from the > > latest copy in CVS. In my opinion this is the best way because with a > > little CVS knowledge you can back out any mistakes. This is also nice > > since it only depends on the ability for both your development machine > > and webserver to be able to reach the cvs server. A final nicety is that > > there are CVS clients for FreeBSD, Windows, and Mac OS X. On the > > downside you do have to setup a cvs server. > > > > Add a little magic with ssh-keygen and the command: > > > > $ make publish > > > > will push the current state of the web project, N.B. whatever it may be, > > onto the webserver. This is a lower overhead way of publishing that has > > the danger of no fallback position in case something is screwed up. > > Honestly I think that the publish tag is better used for testing than > > production but not every is willing to go to the overhead of using > > revision control (CVS, SVN, what have you) on this stuff. > > > > -- Chris > > > > -- > >__o "All I was doing was trying to get home from work." > > _`\<,_ -Rosa Parks > > ___(*)/_(*)___ > > Christopher Sean Hilton > > pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 > > Great.thanks a lot guysyou've been very kind. > I will begin reading about rsync and CVS thenit also seems a lot more > interesting than NFS > > Thanks again... > Greetz > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" im a kde user, and i like to access my web server via sftp using the konqueror file manager. just open your home, open another tab, put in sftp://yourserver in the address bar... and drag and drop the files where they go! -- Jonathan Horne http://dfwlpiki.dfwlp.org [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: NFS and apache...
2007/5/30, Christopher Hilton <[EMAIL PROTECTED]>: Erik Norgaard wrote: >> How can i do this? I am trying but im getting permission denied...while >> trying to create a file... > > NFS is insecure (No File Security) since there is no authentication. You > get access with the user id of your current user. > I didn't want to touch the security problems with this as I assumed that the original poster knows about them. Just the same I'm assuming that webserver:/etc/exports has a line like: /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17 which would tighten down the mount to just the one machine. As a developer, without even looking at security I think that direct access to the webroot tree is a bad idea. However I'm giving the original poster the benefit of the doubt. Perhaps he's just trying to learn HTML and PHP. [snip] > > One security measure is implemented though: root user on client is > treated as nobody on the server. There is an option you can add to the > exports file (forgot which), to override this see the exports manpage. > >> Also if you have a different solution for updating the site..they are >> welcome.. > > Unless you have problems with diskspace, why not just use rsync? Do it > manually and you get time to correct blunders before they become public, > or do it as a cronjob. > rsync scp, dav, *** cvs *** When I work on a website I tend to start with the site directory in cvs to protect me from the damage caused by fat fingers. I'm an old C programmer and CVS and Make are tools that I'm used to so I usually add a really simple make file to the web tree... * Typical Makefile for web project * -- cut from here -- update: cvs -PAd . MYWEBUSER = www MYHOST =webserver.example.com MYWEBROOT = /usr/local/www/data/webserver.example.com/ publish: rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT) -- to here -- Then running: $ make update on the webserver from within the webtree will refresh the site from the latest copy in CVS. In my opinion this is the best way because with a little CVS knowledge you can back out any mistakes. This is also nice since it only depends on the ability for both your development machine and webserver to be able to reach the cvs server. A final nicety is that there are CVS clients for FreeBSD, Windows, and Mac OS X. On the downside you do have to setup a cvs server. Add a little magic with ssh-keygen and the command: $ make publish will push the current state of the web project, N.B. whatever it may be, onto the webserver. This is a lower overhead way of publishing that has the danger of no fallback position in case something is screwed up. Honestly I think that the publish tag is better used for testing than production but not every is willing to go to the overhead of using revision control (CVS, SVN, what have you) on this stuff. -- Chris -- __o "All I was doing was trying to get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hilton pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 Great.thanks a lot guysyou've been very kind. I will begin reading about rsync and CVS thenit also seems a lot more interesting than NFS Thanks again... Greetz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: NFS and apache...
Erik Norgaard wrote: How can i do this? I am trying but im getting permission denied...while trying to create a file... NFS is insecure (No File Security) since there is no authentication. You get access with the user id of your current user. I didn't want to touch the security problems with this as I assumed that the original poster knows about them. Just the same I'm assuming that webserver:/etc/exports has a line like: /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17 which would tighten down the mount to just the one machine. As a developer, without even looking at security I think that direct access to the webroot tree is a bad idea. However I'm giving the original poster the benefit of the doubt. Perhaps he's just trying to learn HTML and PHP. [snip] One security measure is implemented though: root user on client is treated as nobody on the server. There is an option you can add to the exports file (forgot which), to override this see the exports manpage. Also if you have a different solution for updating the site..they are welcome.. Unless you have problems with diskspace, why not just use rsync? Do it manually and you get time to correct blunders before they become public, or do it as a cronjob. rsync scp, dav, *** cvs *** When I work on a website I tend to start with the site directory in cvs to protect me from the damage caused by fat fingers. I'm an old C programmer and CVS and Make are tools that I'm used to so I usually add a really simple make file to the web tree... * Typical Makefile for web project * -- cut from here -- update: cvs -PAd . MYWEBUSER = www MYHOST =webserver.example.com MYWEBROOT = /usr/local/www/data/webserver.example.com/ publish: rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT) -- to here -- Then running: $ make update on the webserver from within the webtree will refresh the site from the latest copy in CVS. In my opinion this is the best way because with a little CVS knowledge you can back out any mistakes. This is also nice since it only depends on the ability for both your development machine and webserver to be able to reach the cvs server. A final nicety is that there are CVS clients for FreeBSD, Windows, and Mac OS X. On the downside you do have to setup a cvs server. Add a little magic with ssh-keygen and the command: $ make publish will push the current state of the web project, N.B. whatever it may be, onto the webserver. This is a lower overhead way of publishing that has the danger of no fallback position in case something is screwed up. Honestly I think that the publish tag is better used for testing than production but not every is willing to go to the overhead of using revision control (CVS, SVN, what have you) on this stuff. -- Chris -- __o "All I was doing was trying to get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hilton pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: NFS and apache...
Agus wrote: Hi all, I got the following scenario. Freebsd with Apache22 and NFS. I want to export the /usr/local/www/apache22/data/site so that the content of that site can be modified from my personal machine. The permissions on site/ are rwx for root and group webadm, and rx for others... How can i do this? I am trying but im getting permission denied...while trying to create a file... NFS is insecure (No File Security) since there is no authentication. You get access with the user id of your current user. When working with NFS make sure that you have the same users/groups with the same user id/group id on all machines. One security measure is implemented though: root user on client is treated as nobody on the server. There is an option you can add to the exports file (forgot which), to override this see the exports manpage. Also if you have a different solution for updating the site..they are welcome.. Unless you have problems with diskspace, why not just use rsync? Do it manually and you get time to correct blunders before they become public, or do it as a cronjob. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org smime.p7s Description: S/MIME Cryptographic Signature
NFS and apache...
Hi all, I got the following scenario. Freebsd with Apache22 and NFS. I want to export the /usr/local/www/apache22/data/site so that the content of that site can be modified from my personal machine. The permissions on site/ are rwx for root and group webadm, and rx for others... How can i do this? I am trying but im getting permission denied...while trying to create a file... thanks... Also if you have a different solution for updating the site..they are welcome.. thanks again, greetz Agustin. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
