From owner-freebsd-questions@FreeBSD.ORG Wed May 30 20:51:47 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id ACE5916A468 for ; Wed, 30 May 2007 20:51:47 +0000 (UTC) (envelope-from chris@vindaloo.com) Received: from corellia.vindaloo.com (corellia.vindaloo.com [64.51.148.100]) by mx1.freebsd.org (Postfix) with ESMTP id 5D0C413C44C for ; Wed, 30 May 2007 20:51:47 +0000 (UTC) (envelope-from chris@vindaloo.com) Received: from [172.24.145.69] (endor.vindaloo.com [172.24.145.69]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by corellia.vindaloo.com (Postfix) with ESMTP id 7B38A5D30; Wed, 30 May 2007 16:51:39 -0400 (EDT) Message-ID: <465DE3DA.7040504@vindaloo.com> Date: Wed, 30 May 2007 16:51:38 -0400 From: Christopher Hilton User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221) MIME-Version: 1.0 To: Erik Norgaard References: <465DDAA0.8060204@locolomo.org> In-Reply-To: <465DDAA0.8060204@locolomo.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Agus , freebsd-questions Subject: Re: NFS and apache... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2007 20:51:47 -0000 Erik Norgaard wrote: >> How can i do this? I am trying but im getting permission denied...while >> trying to create a file... > > NFS is insecure (No File Security) since there is no authentication. You > get access with the user id of your current user. > I didn't want to touch the security problems with this as I assumed that the original poster knows about them. Just the same I'm assuming that webserver:/etc/exports has a line like: /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17 which would tighten down the mount to just the one machine. As a developer, without even looking at security I think that direct access to the webroot tree is a bad idea. However I'm giving the original poster the benefit of the doubt. Perhaps he's just trying to learn HTML and PHP. [snip] > > One security measure is implemented though: root user on client is > treated as nobody on the server. There is an option you can add to the > exports file (forgot which), to override this see the exports manpage. > >> Also if you have a different solution for updating the site..they are >> welcome.. > > Unless you have problems with diskspace, why not just use rsync? Do it > manually and you get time to correct blunders before they become public, > or do it as a cronjob. > rsync scp, dav, *** cvs *** When I work on a website I tend to start with the site directory in cvs to protect me from the damage caused by fat fingers. I'm an old C programmer and CVS and Make are tools that I'm used to so I usually add a really simple make file to the web tree... ***** Typical Makefile for web project ***** -- cut from here -- update: cvs -PAd . MYWEBUSER = www MYHOST = webserver.example.com MYWEBROOT = /usr/local/www/data/webserver.example.com/ publish: rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT) -- to here -- Then running: $ make update on the webserver from within the webtree will refresh the site from the latest copy in CVS. In my opinion this is the best way because with a little CVS knowledge you can back out any mistakes. This is also nice since it only depends on the ability for both your development machine and webserver to be able to reach the cvs server. A final nicety is that there are CVS clients for FreeBSD, Windows, and Mac OS X. On the downside you do have to setup a cvs server. Add a little magic with ssh-keygen and the command: $ make publish will push the current state of the web project, N.B. whatever it may be, onto the webserver. This is a lower overhead way of publishing that has the danger of no fallback position in case something is screwed up. Honestly I think that the publish tag is better used for testing than production but not every is willing to go to the overhead of using revision control (CVS, SVN, what have you) on this stuff. -- Chris -- __o "All I was doing was trying to get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)___________________________________________________________ Christopher Sean Hilton pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14