Re: [PHPLIB] Using PHPLIB(auth & session) for multiple user accounts From: Kristian Köhntopp (kk <email protected>)
Date: 10/26/99

Mark Constable wrote:
> That's pretty normal except for the seperate PHP CGI and complete PHPLIB
> codebase for each vhost. Do you think it would difficult to seperate out
> absolutely core PHPLIB classes that could then be cleanly reused ?

I don't know and I would not deploy that way. Disk is cheap and I want
self contained, chrootable installations for security and maintainability.

We are using the following layout

wwwx[admin] # pwd
/home/www
wwwx[admin] # ls -l
total 24
drwxr-xr-x 4 root other 512 Oct 15 15:35 database/
drwxr-xr-x 3 root other 512 Sep 7 12:35 etc/
drwxr-xr-x 2 root other 512 Sep 7 16:08 logs/
drwxr-xr-x 2 root other 512 Sep 20 11:08 oldservers/
drwxr-xr-x 2 root other 512 Oct 26 11:29 sbin/
drwxr-xr-x 25 root other 1024 Sep 24 09:11 servers/
drwxr-xr-x 11 root other 512 Aug 19 14:53 skeleton/
drwxr-xr-x 2 root other 512 Jun 30 18:54 tmp/
drwxr-xr-x 2 root other 2048 Oct 26 11:31 webalizer/
drwxr-xr-x 2 root other 512 Sep 21 17:04 webalizer-src/

The database directory is in fact a collection of symlinks:

wwwx[admin] # ls -l database/ | head -3
total 129192
lrwxrwxrwx 1 root other 44 Sep 7 16:58 abz -> /home/www/servers/abz.dev.netuse.de/database/
lrwxrwxrwx 1 root other 47 Sep 9 17:48 dnsmgr -> /home/www/servers/dnsmgr.dev.netuse.de/database/

The etc directory contains a collection of configuration files
for the apache server, which we use to generate the configuration:
wwwx[admin] # ls -l etc/preconf/ | head -3
total 48
drwxr-xr-x 2 root other 512 Sep 7 13:09 abz.dev.netuse.de/
drwxr-xr-x 2 root other 512 Sep 7 13:26 dnsmgr.dev.netuse.de/

The logs/ directory is largely unused, it contains the general error
log. sbin/ is our collection of server tools:

wwwx[admin] # ls -l sbin
-rwx------ 1 root other 4965 Oct 25 16:04 build-conf*
-rw-r--r-- 1 root other 800 Oct 22 13:39 config.pl
-rwxr--r-- 1 root other 8650 Oct 22 13:44 createserver.pl*
-rw-r--r-- 1 root other 533 Sep 5 21:20 crontab.sample
-rwxr--r-- 1 root other 3721 Sep 20 11:04 delserver.pl*
-rwxr-xr-x 1 root other 1487 Sep 21 17:38 logcycle*
-rwxr-xr-x 1 root other 770 Sep 9 16:18 make-overview.pl*
-rwxr-xr-x 1 root other 1348 Sep 9 16:22 make-smb.conf*
-rwxr--r-- 1 root other 764 Sep 7 11:46 make_skeleton.sh*
-rwxr-xr-x 1 root other 13064 Aug 18 15:39 mypasswd*
---s--x--x 1 root other 11100 Aug 18 15:39 newroot*

where buildconf generates the apache configuration, config.pl is
being sourced by everything and defines all pathnames, createserver.pl
creates a server and stuff, delserver.pl tars up and deletes a
server, logcycle runs daily and also does stats, make-overview.pl
generates the wwwx.netuse.de start page, make-smb.conf does just
that and mypasswd and newroot are C programs which set passwords
noninteractively and establish a chroot environment.

oldservers/ is where delserver.pl puts the tar archive, skeleton is
where the createserver.pl find the structure that is being established
below

wwwx[admin] # ls -l servers/ | head -3
total 46
drwxr-xr-x 15 uw wwwrun 512 Sep 7 16:12 abz.dev.netuse.de/
drwxr-xr-x 14 eh wwwrun 512 Oct 19 15:17 dnsmgr.dev.netuse.de/

for each server. And tmp/ and webalizer should be pretty obvious.

For each server we do have

wwwx[admin] # ls -l servers/phplib.netuse.de/
total 28
lrwxrwxrwx 1 root other 7 Sep 7 13:42 bin -> usr/bin/
drwxr-xr-x 2 phplib wwwrun 512 Oct 1 14:06 cgi/
drwxr-xr-x 2 phplib wwwrun 512 Oct 15 15:35 database/
drwxr-xr-x 2 phplib wwwrun 512 Jul 8 17:40 dev/
drwxr-xr-x 3 phplib wwwrun 512 Oct 1 14:04 etc/
drwxr-xr-x 2 phplib wwwrun 2048 Oct 26 00:26 logs/
lrwxrwxrwx 1 root other 3 Sep 7 13:42 opt -> usr/
drwxr-xr-x 10 phplib wwwrun 1024 Oct 26 10:50 pages/
drwxr-sr-x 2 phplib wwwrun 1024 Sep 9 17:53 php/
drwxr-xr-x 2 phplib wwwrun 512 Jul 8 14:58 tmp/
drwxr-xr-x 5 phplib wwwrun 512 Aug 19 10:41 usr/
drwxr-xr-x 3 phplib wwwrun 512 Jul 14 16:59 var/
drwxr-xr-x 3 phplib wwwrun 1024 Oct 26 11:35 zugriffe/

a chrootable environment which contains:

cgi/ the php3.ini and the php binary,
database/ the mysql database table files,
etc/ the htpasswd and htgroup files,
logs/ the server logs for that server, daily files, gzipped,
pages/ the pages,
php/ the copy of PHPLIB,
zugriffe/ (accesses in english) the webalizer generated stats.

The whole structure is chrootable and user accessible, with ftp
or secure shell. It is also tar'able and can be easily moved to
another machine, because all relevant data except the apache config
is contained in here. We cannot allow access to the apache config,
for security reasons, so this is an exception.

We do give each vhost a copy of PHP and PHPLIB to allow then to
update independently and to achieve the management goal of being
able to move users from machine to machine without hassle.

Kristian 

-- 
Kristian Köhntopp, NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany, +49 431 386 436 00
Using PHP3? See our web development library at
http://phplib.netuse.de/ (We have moved! Update your bookmarks!)
-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.