<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> On 10/08/2009 11:37 AM, Rich Megginson wrote: <blockquote cite="mid:4ACE3173.3010105@redhat.com" type="cite">I'd like to move mod_admserv and mod_restartd into the admin.git repo as sub-directories. I couldn't figure out a way to migrate the CVS history data into a git subdirectory, so I was thinking about just copying the files in there with no history. Is this ok? We can always refer back to the old CVS repo if we need to see history. </blockquote> I think this is fine. As you say, we can always look at the old CVS repo if needed. <blockquote cite="mid:4ACE3173.3010105@redhat.com" type="cite"> It turns out we can't get rid of mod_restartd and use mod_suexec. mod_suexec explicitly forbids running CGIs as root, so we can't use that to start the servers. I don't really like the fact that we have to support this module for the sole purpose of being able to remotely start, restart, and create instances of servers that run on low ports. For one, mod_restartd is and always will be a security nightmare waiting to happen - it is just a bad, bad idea to execute CGIs as root (or run the admin server as root).</blockquote> Agreed. We can mitigate the risk some by constraining things with SELinux policy. <blockquote cite="mid:4ACE3173.3010105@redhat.com" type="cite"> For another, usually init or something like daemontools does a much better job of making sure remote servers are running (e.g. restarting after a crash). You always have to run setup-ds-admin.pl when installing on a remote system, and that creates the directory server instance, so I'm not really sure how useful it is to be able to remotely create instances. I'd like to propose that we make this feature optional (that is, can build admin server without it) and possibly get rid of it altogether. </blockquote> It doesn't seem too common for people to run multiple instances on the same system out in the wild. Even for those who do, I would imagine that instance creation is not a common occurrence, and this would really only affect Console users. This would mean that changes are needed to Console to get rid of the "Create Instance" task though. <blockquote cite="mid:4ACE3173.3010105@redhat.com" type="cite"> I would also like to relax the requirement that we have to use the threaded model Apache. The only reason we require this is because mod_admserv caches the auth credentials and ACIs in memory, in case you need to perform a task while the config DS is down (e.g. like start or restart). There are a few changes required to mod_admserv to relax this restriction. </blockquote> If the threaded model is not used, does that mean you can't perform tasks when the config DS is down, even with the changes you have in mind? <blockquote cite="mid:4ACE3173.3010105@redhat.com" type="cite"> <pre wrap=""> <hr size="4" width="90%"> -- 389-devel mailing list <a class="moz-txt-link-abbreviated" href="mailto:389-devel@redhat.com">389-devel@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/fedora-directory-devel">https://www.redhat.com/mailman/listinfo/fedora-directory-devel</a> </pre> </blockquote> </body> </html>