Forum OpenACS Development: Re: Reference Platforms and Supported Platforms

Posted by Vinod Kurup on
First off, I want to thank Joel for taking over the install docs. It's nice to see it being done in such a thoughtful, organized fashion.

I changed the AOLserver installation instructions based on advice from Pascal Scheffers in this thread.

I'm no security expert, but here's my understanding of the issue:

  1. AOLserver is running as nsadmin.
  2. Someone finds an exploit in OpenACS or AOLserver, giving them access to the filesystem.
  3. Since they have nsadmin privs, they can alter the nsd binaries.
  4. They kill the server, which usually causes an automatic restart.
  5. nsd initially starts off with root privs, so the new binary can do whatever it wants on your system.

Now this can be fixed simply by making the nsd binary unwritable by nsadmin. But Pascal advised me that giving the webserver any more privs than it needs is a security risk, so I changed the docs to show AOLserver running as 'nobody', like Apache does. I mentioned these changes in this thread and, not hearing any dissenting opinions, went ahead.

I moved the serverroot from /web to /home/joeuser/web because I was advised (can't remember from whom) that it was more FHS compatible. This easily allows 2 users on my machine to have completely separate OpenACS installations that the other user can't access. I don't think there's any problem with putting a production site in /home/joeuser/web. I do it 😊
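A check for the condition the post describes, that the account the server runs as can alter the nsd binary. This is an added example, not part of the original post or the OpenACS install docs. The function names and the temporary bin/nsd layout are constructed, and it assumes plain Unix mode bits (no ACLs) and a non-root account. It goes a little beyond the post by also treating file ownership and ancestor directories as ways to swap the binary.

```python
import os
import stat
import tempfile

def controls(st, uid, gids):
    """True if uid can modify the inode by mode bits; an owner can always chmod.
    Assumption: plain Unix permissions, no ACLs, and uid is not root."""
    if st.st_uid == uid:
        return True
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def replaceable_via(binary, uid, gids=frozenset()):
    """List the paths through which uid could alter or swap out `binary`:
    the file itself, plus any ancestor directory where uid may rename or
    unlink the entry leading to it."""
    path = os.path.realpath(binary)
    child = os.stat(path)
    found = [path] if controls(child, uid, gids) else []
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        parent = os.stat(path)
        if controls(parent, uid, gids):
            # Sticky directories (e.g. /tmp) only let the entry's owner or
            # the directory's owner remove or rename the entry.
            sticky = parent.st_mode & stat.S_ISVTX
            if not sticky or uid in (child.st_uid, parent.st_uid):
                found.append(path)
        child = parent
    return found

def demo():
    """Constructed layout: <tmp>/bin/nsd owned by the current user, who
    plays the role of the account the server runs as."""
    root = os.path.realpath(tempfile.mkdtemp())
    bindir = os.path.join(root, "bin")
    os.mkdir(bindir, 0o755)
    nsd = os.path.join(bindir, "nsd")
    with open(nsd, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(nsd, 0o555)  # read-only, yet still owned by the service uid
    me, other = os.getuid(), os.getuid() + 4242  # other: uid owning nothing here
    return nsd, bindir, replaceable_via(nsd, me), replaceable_via(nsd, other)

if __name__ == "__main__":
    nsd, bindir, as_owner, as_other = demo()
    print("service account owns the files:", as_owner)
    print("unrelated account (e.g. nobody):", as_other)
```

An empty result for the run-as account means neither the binary nor any directory above it can be used by that account to replace it.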