NFS and apache...

Agus agus.262 at gmail.com
Wed May 30 22:45:43 UTC 2007 

2007/5/30, Christopher Hilton <chris at vindaloo.com>:
>
> Erik Norgaard wrote:
>
> >> How can i do this? I am trying but im getting permission denied...while
> >> trying to create a file...
> >
> > NFS is insecure (No File Security) since there is no authentication. You
> > get access with the user id of your current user.
> >
>
> I didn't want to touch the security problems with this as I assumed that
>   the original poster knows about them. Just the same I'm assuming that
> webserver:/etc/exports has a line like:
>
>      /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17
>
> which would tighten down the mount to just the one machine. As a
> developer, without even looking at security I think that direct access
> to the webroot tree is a bad idea. However I'm giving the original
> poster the benefit of the doubt. Perhaps he's just trying to learn HTML
> and PHP.
>
> [snip]
>
> >
> > One security measure is implemented though: root user on client is
> > treated as nobody on the server. There is an option you can add to the
> > exports file (forgot which), to override this see the exports manpage.
> >
> >> Also if you have a different solution for updating the site..they are
> >> welcome..
> >
> > Unless you have problems with diskspace, why not just use rsync? Do it
> > manually and you get time to correct blunders before they become public,
> > or do it as a cronjob.
> >
>
> rsync
> scp,
> dav,
> *** cvs ***
>
> When I work on a website I tend to start with the site directory in cvs
> to protect me from the damage caused by fat fingers. I'm an old C
> programmer and CVS and Make are tools that I'm used to so I usually add
> a really simple make file to the web tree...
>
> ***** Typical Makefile for web project *****
> -- cut from here --
>
> update:
>         cvs -PAd .
>
> MYWEBUSER =     www
> MYHOST =        webserver.example.com
> MYWEBROOT =     /usr/local/www/data/webserver.example.com/
>
> publish:
>         rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT)
>
> -- to here --
>
> Then running:
>
>       $ make update
>
> on the webserver from within the webtree will refresh the site from the
> latest copy in CVS. In my opinion this is the best way because with a
> little CVS knowledge you can back out any mistakes. This is also nice
> since it only depends on the ability for both your development machine
> and webserver to be able to reach the cvs server. A final nicety is that
> there are CVS clients for FreeBSD, Windows, and Mac OS X. On the
> downside you do have to setup a cvs server.
>
> Add a  little magic with ssh-keygen and the command:
>
>       $ make publish
>
> will push the current state of the web project, N.B. whatever it may be,
> onto the webserver. This is a lower overhead way of publishing that has
> the danger of no fallback position in case something is screwed up.
> Honestly I think that the publish tag is better used for testing than
> production but not every is willing to go to the overhead of using
> revision control (CVS, SVN, what have you) on this stuff.
>
> -- Chris
>
> --
>        __o          "All I was doing was trying to get home from work."
>      _`\<,_           -Rosa Parks
> ___(*)/_(*)___________________________________________________________
> Christopher Sean Hilton                    <chris | at | vindaloo.com>
>          pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
>


Great.....thanks a lot guys....you've been very kind.....
I will begin reading about rsync and CVS then....it also seems a lot more
interesting than NFS....

Thanks again...
Greetz

More information about the freebsd-questions mailing list