Forum OpenACS Development: Re: Reference Platforms and Supported Platforms
8: Re: Reference Platforms and Supported Platforms (response to 1)
Posted by Jerry Asher on 03/03/03 11:24 PM
Echoing Vinod, given the limited flexibility of aolserver config files, I think it is a mistake to put them into /etc.
I place most aolserver things into ~/aol<version> and most openacs things into ~/openacs<version> and then I cons a new user for each aolserver/openacs installation.
9: Re: Reference Platforms and Supported Platforms (response to 8)
Posted by Joel Aufrecht on 03/04/03 02:59 AM
If I understand, the security problem is that the user under which aolserver runs should not have write access to the binary. I'm uncomfortable with the "joeuser" setup because I don't think that accounts used for routine login should also be running services. I also don't think we should have any instance stuff in /home. What about this:
- a dedicated, nologin user for each instance.
- Each instance has a directory in /web/instance-name which is only readable by the user.
- All instance-specific config files, including instance-name.tcl, ssl subdir (ssl instructions, including generating self-signed certs, are being integrated into the install doc, by the way), analog config, daemontools subdir, go in /web/instance-name/etc.
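
The layout proposed in post 9 can be checked mechanically. The script below is an added example, not part of the original thread or of the OpenACS install doc. Its helper names, the passwd-format file argument, the optional web-root argument and the reading of "only readable by the user" as mode 700 are assumptions.

```shell
#!/bin/sh
# Added example: audit one instance against the layout proposed above.
# Assumed, not from the thread: the helper names, reading accounts from a
# passwd-format file, and "only readable by the user" = no group/other bits.

# field USER PASSWD_FILE N -> Nth colon-separated field of USER's entry
field() { awk -F: -v u="$1" -v n="$3" '$1 == u { print $n; exit }' "$2"; }

# mode_and_uid PATH -> permission string and numeric owner, e.g. "drwx------ 1001"
mode_and_uid() { ls -ldn "$1" 2>/dev/null | awk '{ print $1, $3 }'; }

# The instance account must exist and must not have a login shell.
is_nologin() {   # USER PASSWD_FILE
    case "$(field "$1" "$2" 7)" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# The instance directory: owned by the instance uid, nothing for group/other.
dir_is_private() {   # DIR UID
    set -- "$2" $(mode_and_uid "$1")
    [ "$#" -eq 3 ] && [ "$3" = "$1" ] &&
        [ "$(printf '%s' "$2" | cut -c5-10)" = "------" ]
}

# The server binary must not be writable by the instance uid: not its owner,
# and no group or world write bit (any group write bit is flagged).
binary_is_protected() {   # BINARY UID
    set -- "$2" $(mode_and_uid "$1")
    [ "$#" -eq 3 ] && [ "$3" != "$1" ] || return 1
    case "$2" in
        ?????w*|????????w*) return 1 ;;
    esac
}

# audit_instance NAME USER BINARY PASSWD_FILE [WEB_ROOT]; returns 1 on any finding
audit_instance() {
    uid=$(field "$2" "$4" 3); root=${5:-/web}; rc=0
    is_nologin "$2" "$4"             || { echo "FAIL: $2 has a login shell or no account"; rc=1; }
    dir_is_private "$root/$1" "$uid" || { echo "FAIL: $root/$1 is not private to $2"; rc=1; }
    [ -d "$root/$1/etc" ]            || { echo "FAIL: $root/$1/etc is missing"; rc=1; }
    binary_is_protected "$3" "$uid"  || { echo "FAIL: $3 is writable by $2"; rc=1; }
    return "$rc"
}

if [ "$#" -ge 4 ]; then audit_instance "$@"; fi
```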