[RH List] RE: Separate shell and www servers...

Tobias Speckbacher TSpeckbacher at quova.com
Tue Aug 17 19:59:03 UTC 2004


> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Ed Wilts
> Sent: Tuesday, August 17, 2004 12:41 PM
> To: General Red Hat Linux discussion list
> Subject: Re: [RH List] RE: Separate shell and www servers...
> 
> On Tue, Aug 17, 2004 at 01:17:31PM -0600, Ashley M. Kirchner wrote:
> > Ed Wilts wrote:
> >
> > >The automounter might really help you here.  As the user logs in, the
> > >home area will be automatically mounted (or subdirectories, one per
> > >site perhaps).  The user can make all the changes, then the mount will
> > >be automatically dismounted a minute or two later.
> > >
> > >
> >    How would that work though?  I'd still have to manually create the
> > folder on the remote www server, don't I?
> 
> Yup.  The folder has to be on the www server anyway.
> 
> > And permissions?  I haven't
> > (ever) looked into using the automounter, so I have no clue how that all
> > ties into one another.
> 
> If you have the 2 servers in the same ldap or NIS domain, then the
> permissions will be solved.  The user owns the files but they have group
> read access to the data.
> 
> The automounter has its strengths and weaknesses.  I use it at home to
> automount my Windows system drive to backups.  It gets smbmount'ed,
> rsync'd, and then automatically unmounted.
> 
> I believe that automount was invented to do stuff like mount home
> directories off of a remote NFS server.  Red Hat does have autofs
> documentation in both the Reference Guide and in the System
> Administration Guide.
> 
> --
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts at ewilts.org
> Member #1, Red Hat Community Ambassador Program
> 

To avoid problems with permissions inside the webserver I would probably
use suexec (http://httpd.apache.org/docs-2.1/suexec.html) support for
Apache.  That way you won't have to use a generic group across all
accounts, which could cause you some security issues in the long run.

Probably also save you support headache when users start to chown their
content to their groups and do all kinds of other funky stuff with
ownership. 

I also would highly recommend a directory service to synchronize users
between the 2 systems.  NIS is easy to deploy but it also is very easy
for users to get a password/user map using ypcat passwd.  Haven't used
LDAP recently but it seems the way to go in regards of directory
services these days.

As for the mounts ... one static mount of /home is very easy to
implement.  Autofs or automount seem to be viable for this task as well
although slightly more complex in implementation.

-Tobias




