de.mpg.escidoc.pubman.appbase.FacesBean
English
 
Help Guide Disclaimer Contact us Login
  Advanced SearchBrowse

Item

ITEM ACTIONSEXPORT

Released

Poster

Permission Isolation by Dedicated Apache Processes for Subversion and Trac

MPS-Authors
http://pubman.mpdl.mpg.de/cone/persons/resource/persons96313

Forkel,  Robert
Innovations, Max Planck Digital Library, Max Planck Society;

http://pubman.mpdl.mpg.de/cone/persons/resource/persons96359

Wobst,  André
Innovations, Max Planck Digital Library, Max Planck Society;

Locator
There are no locators available
Fulltext (public)
There are no public fulltexts available
Supplementary Material (public)
There is no public supplementary material available
Citation

Forkel, R., & Wobst, A. (2007). Permission Isolation by Dedicated Apache Processes for Subversion and Trac. Poster presented at 24. DV-Treffen der MPG, Abbe-Zentrum Campus Beutenberg Jena.


Cite as: http://hdl.handle.net/11858/00-001M-0000-0013-863F-7
Abstract
At Living Reviews we are serving content from various web applications and other internal sources on our public webservers. Our own web applications are run under specific user accounts configured to have minimal permissions. They are bound to the public webserver by proxy rewrite rules. For content typically served by the apache instance itself (subversion using webdav, trac instances using mod_python) we use additional apache instances running under separate accounts to limit file access for the internal data to those processes really needing them. The different apache instances are configured with minimal apache modules each (no mod_python for the subversion handling apache etc.). All apache instances use the binaries and modules provided by the distribution; only the config files differ.