[Mageia-dev] Proofreading web applications policy

Maarten Vanraes maarten.vanraes at gmail.com
Tue Jan 18 19:48:04 CET 2011

Op dinsdag 18 januari 2011 19:07:00 schreef Remy CLOUARD:
> Hello there,
> I started to have a look at the webapps policy.
> There’s something that has been bugging me for a while, that’s the
> apache-centric way of thinking of this policy.
> To me, there are valuable alternatives to apache that deserve to be
> treated equally.
> Here are the packages that provides webserver
> apache-ssl|apache-mpm-event|apache-mpm-peruser|nginx|lighttpd|
> cherokee|apache-mpm-itk|apache-mpm-worker|thttpd|apache-mpm-rsbac|
> apache-mpm-prefork|boa
> “These are the files that are susceptible to change during the
> application's lifetime. They go in /var/lib/foo. If they are supposed to
> be editable by the application directly from the web interface, they
> should be owned by apache user and apache group.”
> Could we create a generic group (webserver for instance) to allow
> webapps to play nice with these webserver ?

i think we could call it www-data so we can play nice in multidistro 
environment with idmapping (or possibly even no idmapping).

> Same goes for logfiles and config files containing sensitive
> informations.
> I would also be in favor of creating subpackages for webapps that
> provides better integration with apache such as files in
> /etc/httpd/conf/webapps.d/.

i'm in favor of webapps that are webserver independant.

> That way, webapps should have a Requires on webserver, and the
> subpackage should have one on apache.
> Another issue is the owner of /var/www. This directory is owned by
> apache-conf. Could we instead make a generic package called
> webserver-data for instance that would provide it ? This way each
> package providing webserver would have to require webserver-data.

www-data ? again?

> Finally, that may be a little cosmetic detail, but I would prefer
> template files for apache to be in a separate file in SOURCES/ that’s
> included instead of creating it in the spec like:
> cat > %{buildroot}%{_webappconfdir}/%{name}.conf <<EOF


One more thing, for apache specific: apache has multiple layouts, and the 
current redhat-like one (or even mandriva-one) is not really that easy to 
configure. the debian-style layout with vhosting on by default is much easier 
imho. (perhaps vhosting by default could be something that all webservers are 
set up on.)

However, this is all great, but we agreed to have mandriva-2010.2 upgrade 
paths. so don't forget about that.

More information about the Mageia-dev mailing list