Re: [Webware-discuss] Webware (Free)BSD-Port? (fwd)

[Tavis R. <ta...@re...>]

Stefan,
how are you assigning permissions on=20
/usr/local/Webware vs.
/usr/local/webware.

In the name of privilege separation, the user running webkit should only =
have=20
write permissions to the locations that webkit writes to during operation=
 and=20
read-only permission on everything else: config files, servlets, etc.  Fo=
r=20
that reason, the webware user's homedir shouldn't contain the config file=
s.

I'd be inclined to create a /var/run/webkit directory for all the stuff t=
hat=20
changes during operation so that it is possible for paranoid sysadmins to=
=20
mount /usr/ read-only.  Putting the logs in /var/log/webkit is a good ide=
a. =20
Cheers,
Tavis

On July 10, 2002 12:21 pm, Stefan Schwarzer wrote:
> Hello Bill (and others) :-)
>
> On Mon, 8 Jul 2002, Bill Eldridge wrote:
> > Daniel Podlejski wrote:
> > > Hancock, David (DHANCOCK) wrote:
> > > : Stefan:  I think that there's no "porting" to be done.  If your
> > > : FreeBSD system has Python, you should be fine just installing and
> > > : running Webware for Python.
> > >
> > > No. Read http://www.freebsd.org/ports/index.html
> >
> > Well, what David was saying was that Webware should
> > work fine with Python 2.2 on FreeBSD with no changes.
> >
> > If you or Stefan wants to add this as an official Port
> > for this FreeBSD page, please go ahead.
> > (the egenix mxDate module is probably also necessary
> > and without problem if you want the database MiddleKit
> > included.  If there's anything else that doesn't work
> > on FreeBSD, you should report it here.)
>
> I've made a first attempt at creating a port. It can be found at
> www.sschwarzer.net/download/webware_port-0.1.tar.gz . The files'
> contents are relative to /usr/ports; I've placed the port under
> www/Webware. Use it at your own risk. :-)
>
> Hopefully all works well but there are surely some things to do (see
> comments at the bottom of the Makefile).
>
> The port does (or at least should do ;-) ) the following:
>
> - install the Webware distribution in /usr/local/Webware
> - call install.py there (use generated password)
> - make a default webware user with home directory /usr/local/webware
> - use MakeAppWorkDir.py to fill this dir
> - install a start/stop script in /usr/local/etc/rc.d
>
> This is the first port I made. It was only relatively fast because of
> the well-written Porter's Handbook and because I could use some files
> and ideas from the PostgreSQL port as templates. :)
>
> > Aside from that, since Python software is usually
> > installed using "setup.py build, setupt.py install",
> > it's questionable whether you really want to package
> > it according to the FreeBSD rules, but I haven't
> > thought about this much.
>
> Yes, I've thought about the same when there was this discussion on
> packaging some months ago. IMHO, every third-party software that a
> developer uses via  import module  should be placed below
> site-packages. On the other hand, I see the appserver really as an
> application that should not be in site-packages. Consequently,
> Webware's files would have to be distributed over several directories.
>
> For the port, I didn't go through this distinction; that is, this port
> doesn't use distutils (yet?) and installs "everything" in
> /usr/local/[Ww]ebware.
>
> I've thought about putting logs in /var/log/webkit or so instead of in
> the app workdir. What are your opinions on this?