Re: [webmin-devel] CORRECTION - PROBLEM NOT SOLVEDRE:Stumbling Forward RE: Getting Webmin torununderApacheforSolaris10-- Creating dent in desk from banging head.

[Joe C. <jo...@vi...>]

It would work if you can convince Apache to run CGIs as root...but the 
Apache folks go to great lengths to make that difficult to do, because 
of the horrendous security implications and the burden of auditing that 
much code. I've done it in the distant past, in pre-Webmin days, but 
have no recollection of how I did it, and suspect it would be very 
different today (I'm pretty sure suexec didn't exist back then, for 
instance). Webmin's miniserv.pl, by comparison, is miniscule, and 
written in a much higher level language with none of the common security 
concerns found in C code, where the program manages its own memory.

I question this assertion, as well: "What Apache would allow would be a 
richer tool set for extending functionality."

What specific functionality did you have in mind? miniserv.pl is written 
in Perl, and thus extremely easy to extend (though I'm always leery of 
touching the security-sensitive portions of Webmin, and miniserv is 
perhaps the most security-sensitive part of the whole package). I'm not 
saying Apache isn't a richer toolset...I'm just not sure how most of its 
tools would apply to Webmin.

Perhaps you can tell us what you're trying to accomplish, and we can 
lend some advice on those specific goals...maybe Apache will provide 
benefits for your particular case, but I'm currently doubtful of that. 
Speed is pretty much certainly not one of those benefits, security is 
definitely not one of those benefits, and "extending functionality" is 
currently a no-op in the discussion...without knowing what extended 
functionality you're looking for, I don't have anything constructive to 
say about it. ;-)

So, do I think you're wasting your time? If speed is why you're doing 
it, then you're wasting your time. Webmin won't be faster running under 
Apache (or any other web server, even the fastest web server in the 
world); it'll probably be slower (miniserv is an already running Perl 
process, removing most of the CGI spin up time from the equation). If 
security is why you're doing it, then you're wasting your time. miniserv 
provides a number of security features not found, or at least difficult 
to replicate, in Apache. There may be other good reasons to run under 
Apache (Jamie mentioned memory use, though even when I was building 
pretty memory-sensitive products, I could always find ~11MB for Webmin).

In short, define your problem clearly, and a solution might be easier to 
find.

On 3/21/2011 5:33 AM, PEOPLES, MICHAEL P (ATTSI) wrote:
> Joe,
>
> You may very well be right.  As I was writing that yesterday, I thought to myself, maybe someone with more experience than I should, metaphorically, "slap me upside the head" and tell me I'm wasting my time.
>
> That said, I wanted to see for myself, and given the fact that this is supposed to work (and my generally obsessive nature), I wanted to see for myself.
>
> I have sufficient knowledge of how Webmin and Apache work to understand that both are just serving up pages and Webmin is most certainly lighter than Apache.  What Apache would allow would be a richer tool set for extending functionality.
>
> I appreciate the time and help offered.  If folks with actual experience using Webmin under Apache feel I'm wasting mine time, don't hesitate to tell me.
>
> Thanks.
>
> Michael Peoples
> Senior Systems Manager
> AT&T - ATTSI
> Office:            614-789-8559
> Cell:    614-886-0923
> FAX:   614-789-8975
> mpe...@at...
>
> This e-mail and any files transmitted with it are AT&T property, are confidential, and are intended solely for the use of the individual or entity to whom this email is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited."
>
>
> -----Original Message-----
> From: Joe Cooper [mailto:jo...@vi...]
> Sent: Monday, March 21, 2011 3:28 AM
> To: web...@li...
> Subject: Re: [webmin-devel] CORRECTION - PROBLEM NOT SOLVEDRE:Stumbling Forward RE: Getting Webmin torununderApacheforSolaris10-- Creating dent in desk from banging head.
>
> I just read through this conversation, and it sounds like you're doing
> all of this because you believe running Webmin under Apache will be
> faster. I very strongly suspect it will be slower.
>
> On 3/20/2011 1:45 PM, PEOPLES, MICHAEL P (ATTSI) wrote:
>> The only way I know how to do this is via the suexec option in Apache.  This version of Apache (2.2.16) was not compiled with that option and attempts to do so have repeatedly failed (for some reason it doesn't like the OpenSSL install despite the fact that it is already using it (--with-ssl).
>>
>> Running Apache as root is strongly discouraged, so what I'm asking is, do you have a way to do this that doesn't involve recompiling Apache to include suexec or running Apache under root?
> ...
>
> ------------------------------------------------------------------------------
> Colocation vs. Managed Hosting
> A question and answer guide to determining the best fit
> for your organization - today and in the future.
> http://p.sf.net/sfu/internap-sfd2d
> -
> Forwarded by the Webmin development list at web...@we...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-devel
>
> ------------------------------------------------------------------------------
> Colocation vs. Managed Hosting
> A question and answer guide to determining the best fit
> for your organization - today and in the future.
> http://p.sf.net/sfu/internap-sfd2d
> -
> Forwarded by the Webmin development list at web...@we...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-devel