Forum OpenACS Development: Re: Reference Platforms and Supported Platforms

8: Re: Reference Platforms and Supported Platforms (response to 1)

Posted by Jerry Asher on 03/03/03 11:24 PM

Echoing Vinod, given the limited flexibility of aolserver config files, I think it is a mistake to put them into /etc.

I place most aolserver things into ~/aol<version> and most openacs things into ~/openacs<version> and then I cons a new user for each aolserver/openacs installation.

9: Re: Reference Platforms and Supported Platforms (response to 8)

Posted by Joel Aufrecht on 03/04/03 02:59 AM

If I understand, the security problem is that the user under which aolserver runs should not have write access to the binary. I'm uncomfortable with the "joeuser" setup because I don't think that accounts used for routine login should also be running services. I also don't think we should have any instance stuff in /home. What about this:

a dedicated, nologin user for each instance.
Each instance has a directory in /web/instance-name which is only readable by the user
All instance-specific config files, including (instance-name.tcl, ssl subdir (ssl instructions, including generating self-signed certs, are being integrated into the install doc, by the way), analog config, daemontools subdir), go in /web/instance-name/etc