Quick review

Rocco Stanzione grasshopper at linuxkungfu.org
Tue Apr 11 15:55:56 BST 2006


On Sunday 09 April 2006 06:49, Adam Conrad wrote:
> > sudo apt-get install apache2 apache2-common
>
> I see this mistake over and over (and over) again in various Ubuntu
> guides and HOWTOs, and I really think we need to stop.  If apache2
> depends on apache2-common (and yes, it does), then why on earth do we
> complicate things by telling users to explicitly install both?  "apt-get
> install apache2" would work just as well, and is much less confusing.

Glad you caught that.

> > sudo cp server.key server.crt /etc/apache2/ssl/
> > sudo chmod 400 /etc/apache2/ssl/server.key /etc/apache2/ssl/server.crt
> > sudo chown www-data /etc/apache2/ssl/server.key
> > /etc/apache2/ssl/server.crt
>
> I see two problems with this.  Number one, it would probably be best to
> tell users to use /etc/ssl/{certs,private} for their certificate setup,
> since this is what we do by default, and it keeps everything
> cert-related in one neat, tidy, and easily securable place.

I've actually never seen it done that way before, but I like the idea.

> Problem number two, and this is much worse.  Never (never, EVER)
> recommend that a user make a file owned by www-data.  You've just
> allowed any CGI/PHP/etc script (including one exploited from a flaw in,
> say, some user's bulletin board system) to read/overwrite and otherwise
> abuse that file.

Another good catch.

> My only other complaint about the doc, I suppose, is that you spend a
> great deal of time discussing certain elements of Apache and how to
> configure it, but dedicate exactly two words to pointing at the upstream
> documentation, which will always be more complete, more accurate, and
> more up to date.
>
> I suggest that in each stanza where you try to explain to users how to
> use a certain feature (DocumentRoot, for instance), you link to the
> official documentation for that directive, so users get used to checking
> the upstream manual and learn more about how the whole thing works (and
> thus, stop relying on Ubuntu-specific HOWTOs for beginners).  Teach a
> man to fish, and all that.

I think we on the doc team all agree that these are excellent suggestions that 
warrant an exception to the string freeze, and I'll be implementing them as 
soon as I can.  Thanks a bunch for looking over it and for your thoughtful 
and constructive response.

Rocco Stanzione
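
Added example, not part of the original message or of the guide under review: a shell check for the two key-file problems raised in this thread, a private key owned by the web server's runtime user and a key that group or other can access. It assumes GNU coreutils `stat`; the function name `audit_key_file` and the example path in the comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit a TLS private key's owner and mode.
# Assumes GNU coreutils stat (-c). Example call (path is an assumption):
#   audit_key_file /etc/ssl/private/server.key www-data

# audit_key_file PATH [SERVICE_USER]
# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if the file is missing or cannot be inspected.
audit_key_file() {
    key=$1
    svc=${2:-www-data}   # runtime user of the web server, as in the thread
    findings=0

    if [ ! -e "$key" ]; then
        echo "ERROR: $key does not exist"
        return 2
    fi

    # -L follows symlinks so the real key file is inspected.
    owner=$(stat -L -c '%U' "$key") || return 2
    mode=$(stat -L -c '%a' "$key") || return 2

    # A file's owner can always chmod it, so mode 400 does not protect a
    # key owned by the service user: any script running as that user can
    # make it writable and replace it.
    if [ "$owner" = "$svc" ]; then
        echo "FAIL: $key is owned by service user $svc"
        findings=1
    fi

    # Any group or other permission bit on a private key is a finding.
    # The leading 0 makes the shell read the mode as octal.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $key has mode $mode (group/other access)"
        findings=1
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: $key owner=$owner mode=$mode"
    fi
    return "$findings"
}
```
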



More information about the sounder mailing list