Date: Wed, 30 May 2007 19:45:42 -0300 From: Agus <agus.262@gmail.com> To: "Christopher Hilton" <chris@vindaloo.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: NFS and apache... Message-ID: <fda61bb50705301545n3bb1d39di875892e19aeba50f@mail.gmail.com> In-Reply-To: <465DE3DA.7040504@vindaloo.com> References: <fda61bb50705291654q115a9420m1546ceaa62f40115@mail.gmail.com> <465DDAA0.8060204@locolomo.org> <465DE3DA.7040504@vindaloo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2007/5/30, Christopher Hilton <chris@vindaloo.com>: > > Erik Norgaard wrote: > > >> How can i do this? I am trying but im getting permission denied...while > >> trying to create a file... > > > > NFS is insecure (No File Security) since there is no authentication. You > > get access with the user id of your current user. > > > > I didn't want to touch the security problems with this as I assumed that > the original poster knows about them. Just the same I'm assuming that > webserver:/etc/exports has a line like: > > /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17 > > which would tighten down the mount to just the one machine. As a > developer, without even looking at security I think that direct access > to the webroot tree is a bad idea. However I'm giving the original > poster the benefit of the doubt. Perhaps he's just trying to learn HTML > and PHP. > > [snip] > > > > > One security measure is implemented though: root user on client is > > treated as nobody on the server. There is an option you can add to the > > exports file (forgot which), to override this see the exports manpage. > > > >> Also if you have a different solution for updating the site..they are > >> welcome.. > > > > Unless you have problems with diskspace, why not just use rsync? Do it > > manually and you get time to correct blunders before they become public, > > or do it as a cronjob. > > > > rsync > scp, > dav, > *** cvs *** > > When I work on a website I tend to start with the site directory in cvs > to protect me from the damage caused by fat fingers. I'm an old C > programmer and CVS and Make are tools that I'm used to so I usually add > a really simple make file to the web tree... > > ***** Typical Makefile for web project ***** > -- cut from here -- > > update: > cvs -PAd . > > MYWEBUSER = www > MYHOST = webserver.example.com > MYWEBROOT = /usr/local/www/data/webserver.example.com/ > > publish: > rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT) > > -- to here -- > > Then running: > > $ make update > > on the webserver from within the webtree will refresh the site from the > latest copy in CVS. In my opinion this is the best way because with a > little CVS knowledge you can back out any mistakes. This is also nice > since it only depends on the ability for both your development machine > and webserver to be able to reach the cvs server. A final nicety is that > there are CVS clients for FreeBSD, Windows, and Mac OS X. On the > downside you do have to setup a cvs server. > > Add a little magic with ssh-keygen and the command: > > $ make publish > > will push the current state of the web project, N.B. whatever it may be, > onto the webserver. This is a lower overhead way of publishing that has > the danger of no fallback position in case something is screwed up. > Honestly I think that the publish tag is better used for testing than > production but not every is willing to go to the overhead of using > revision control (CVS, SVN, what have you) on this stuff. > > -- Chris > > -- > __o "All I was doing was trying to get home from work." > _`\<,_ -Rosa Parks > ___(*)/_(*)___________________________________________________________ > Christopher Sean Hilton <chris | at | vindaloo.com> > pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 > Great.....thanks a lot guys....you've been very kind..... I will begin reading about rsync and CVS then....it also seems a lot more interesting than NFS.... Thanks again... Greetz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fda61bb50705301545n3bb1d39di875892e19aeba50f>