[Webapps-common-discuss] webapps-common/doc
Webapps-Policy-Manual-DRAFT.sgml, 1.16, 1.17
seanius at haydn.debian.org
seanius at haydn.debian.org
Fri Aug 5 05:21:36 UTC 2005
Update of /cvsroot/webapps-common/webapps-common/doc
In directory haydn:/org/alioth.debian.org/chroot/home/users/seanius/tmp/cvs-serv3526
Modified Files:
Webapps-Policy-Manual-DRAFT.sgml
Log Message:
suggestions from charles and a couple other things
Index: Webapps-Policy-Manual-DRAFT.sgml
===================================================================
RCS file: /cvsroot/webapps-common/webapps-common/doc/Webapps-Policy-Manual-DRAFT.sgml,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- Webapps-Policy-Manual-DRAFT.sgml 25 Jul 2005 21:52:37 -0000 1.16
+++ Webapps-Policy-Manual-DRAFT.sgml 5 Aug 2005 05:21:33 -0000 1.17
@@ -91,7 +91,7 @@
to these other policies:
<list>
<item><url id="http://people.debian.org/~seanius/policy/dbapp-policy.html" name="Database Application Policy">
- <item><url id="http://people.debian.org/~seanius/policy/dbapp-policy.html" name="Database Application Policy">
+ <item><url id="http://webapps-common.alioth.debian.org/draft-php/html" name="Debian PHP Policy">
<item><url id="http://www.debian.org/doc/packaging-manuals/perl-policy/" name="Debian Perl Policy">
</list>
<chapt id="terms">Terms and Conventions
@@ -183,42 +183,27 @@
of files:
<p>
<taglist>
- <tag><item>
- <p><strong>Static and dynamically interpreted content</strong>
- <p><em><tt>/usr/share/<var>PACKAGE</var>/www</tt></em>
- <tag><item>
- <p><strong>Dynamically executed content</strong>
- <p>A unique subdirectory of either
- <em><tt>/usr/lib/cgi-bin/<var>PACKAGE</var></tt></em>
- or
- <em><tt>/usr/lib/<var>PACKAGE</var></tt></em>
- (architecture-dependant)
- <p>A unique subdirectory of <em><tt>/usr/share/<var>PACKAGE</var></tt></em> (architecture-independant)
- <tag><item>
- <p><strong>Application-specific include files</strong>
- <p>A unique subdirectory of <em><tt>/usr/share/<var>PACKAGE</var></tt></em>
- <tag><item>
- <p><strong>Other static data, and helper scripts that don't belong in users' paths</strong>
- <p>A unique subdirectory of <em><tt>/usr/share/<var>PACKAGE</var></tt></em>
- <tag><item>
- <p><strong>Persistent application data</strong>
- <p><strong>Cached and regenerated application data</strong>
- <p><strong>rrd, mrtg and other database files</strong>
+ <tag>Static and dynamically interpreted content
+ <item><file>/usr/share/<var>PACKAGE</var>/www</file>
+ <tag>Dynamically executed content
+ <item>A unique subdirectory of either <file>/usr/lib/cgi-bin/<var>PACKAGE</var></file> or <file>/usr/lib/<var>PACKAGE</var></file> (architecture-dependant)
+ <item>A unique subdirectory of <file>/usr/share/<var>PACKAGE</var></file> (architecture-independant)
+ <tag>Application-specific include files
+ <item>A unique subdirectory of <file>/usr/share/<var>PACKAGE</var></file>
+ <tag>Other static data, and helper scripts that don't belong in users' paths
+ <item>A unique subdirectory of <file>/usr/share/<var>PACKAGE</var></file>
+ <tag>Persistent application data, Cached/regenerated application data, rrd, mrtg and other database files
<p><em>See
<url id="http://people.debian.org/~seanius/policy/dbapp-policy.html" name="database application policy">.
</em>
- <tag><item>
- <p><strong>Site configuration (settings/passwords)</strong>
- <p><em><tt>/etc/<var>PACKAGE</var></tt></em>
- <tag><item>
- <p><strong>Modifiable and overridable content</strong>
- <p>A subdirectory of <em><tt>/etc/<var>PACKAGE</var></tt></em>
- <tag><item>
- <p><strong>PHP includable libraries</strong>
- <p><em><tt>/usr/share/php/<var>PACKAGE</var></tt></em>
- <tag><item>
- <p><strong>Perl includable libraries</strong>
- <p>See <url id="http://www.debian.org/doc/packaging-manuals/perl-policy/" name="Debian Perl Policy">
+ <tag>Site configuration (settings/passwords)
+ <item><file>/etc/<var>PACKAGE</var></file>
+ <tag>Modifiable and overridable content
+ <item>A subdirectory of <file>/etc/<var>PACKAGE</var></file>
+ <tag>PHP includable libraries
+ <item><file>/usr/share/php/<var>PACKAGE</var></file>
+ <tag>Perl includable libraries
+ <item>See <url id="http://www.debian.org/doc/packaging-manuals/perl-policy/" name="Debian Perl Policy">
</taglist>
<sect id="issues-conf">Configuration Files and Customizable Content
@@ -227,7 +212,7 @@
files that require being edited by the
local administrator (for information such
as "themes" or credentials to a database)
- must be located under <tt>/etc</tt>,
+ must be located under <file>/etc</file>,
in a directory specific to the package
in question.
<p>
@@ -244,10 +229,10 @@
"include" construct for the language
in question. to include a smaller,
trimmed down configuration file from
- <tt>/etc/<var>PACKAGE</var></tt>.
+ <file>/etc/<var>PACKAGE</var></file>.
In PHP this would be
- <tt>require_once</tt>, and in perl this
- would be <tt>use</tt>.
+ <file>require_once</file>, and in perl this
+ would be <file>use</file>.
<sect1 id="issues-conf-perm">Permissions and Ownership of Configuration Files
<p>
@@ -280,18 +265,15 @@
requirements for configuration
file permissions and ownership
<taglist>
- <tag><item>
- <p><strong>Sensitive settings/passwords</strong>
- <p>Ownership: <tt>root:www-data</tt>
- <p>Permissions: <tt>640</tt>
- <tag><item>
- <p><strong>Non-sensitive settings (themes, etc)</strong>
- <p>Ownership: <tt>root:www-data</tt>
- <p>Permissions: <tt>644</tt>
- <tag><item>
- <p><strong>Application-modifiable configuration</strong>
- <p>Ownership: <tt>root:www-data</tt>
- <p>Permissions: <tt>660</tt>
+ <tag>Sensitive settings/passwords
+ <item>Ownership: <tt>root:www-data</tt>
+ <item>Permissions: <tt>640</tt>
+ <tag>Non-sensitive settings (themes, etc)
+ <item>Ownership: <tt>root:www-data</tt>
+ <item>Permissions: <tt>644</tt>
+ <tag>Application-modifiable configuration
+ <item>Ownership: <tt>root:www-data</tt>
+ <item>Permissions: <tt>660</tt>
</taglist>
<sect id="issues-static">Static content
@@ -318,7 +300,7 @@
it should either follow the previously
mentioned guidelines for configuration and
customizable content or use a subdirectory
- of <tt>/usr/local/<var>PACKAGE</var></tt>.
+ of <file>/usr/local/<var>PACKAGE</var></file>.
Managing the latter is outside the scope
of this document.
<sect id="issues-database">Database issues
@@ -336,7 +318,7 @@
<p>Scripts that shouldn't normally need
to exist in the standard system path should
follow the standard Debian policy and exist
- in <tt>/usr/share/<var>PACKAGE</var></tt>.
+ in <file>/usr/share/<var>PACKAGE</var></file>.
<p>However, web applications have the additional
requirement that if such scripts are not
intended to be directly accessed via the
@@ -351,10 +333,10 @@
<p>The policy for Architecture dependant binaries
should follow the general rules of the
FHS and Debian policy, and exist in
- <tt>/usr/lib/<var>PACKAGE</var></tt>.
+ <file>/usr/lib/<var>PACKAGE</var></file>.
Additionally, policy
permits these files to exist in
- <tt>/usr/lib/cgi-bin/<var>PACKAGE</var></tt>
+ <file>/usr/lib/cgi-bin/<var>PACKAGE</var></file>
though this may
become deprecated in the future.
<p>Similar to Architecture-independent files,
@@ -377,16 +359,22 @@
<p>
As previously mentioned, application-specific include
files should exist in a unique subdirectory of
- <tt>/usr/share/<var>PACKAGE</var></tt>. This subdirectory
+ <file>/usr/share/<var>PACKAGE</var></file>. This subdirectory
should exist outside of any web-accessible directory, as many
security-related problems in poorly written web applications
are the direct result of not doing so.
<sect id="php">PHP
<p>
- point to the php policy.
+ Issues specific to the PHP programming language
+ are covered in the
+ <url id="http://webapps-common.alioth.debian.org/draft-php/html" name="PHP Policy"> Document
+
<sect id="perl">Perl
+ Issues specific to the PHP programming language
+ are covered in the
point to the perl policy.
+ <url id="http://www.debian.org/doc/packaging-manuals/perl-policy/)" name="Perl Policy"> Document
<chapt id="httpd"> Dealing with the webserver
<sect id="httpd-register">Registering a web application with a web server
@@ -400,9 +388,9 @@
and not make any assumptions
about the content existing
in other locations, such
- as <tt>/usr/local</tt>,
- <tt>/var/www</tt> or
- <tt>/srv</tt>. Such locations
+ as <file>/usr/local</file>,
+ <file>/var/www</file> or
+ <file>/srv</file>. Such locations
are intended for use at the
discretion of the local
administrator.
@@ -425,12 +413,12 @@
a webserver, a package should
place the relevant webserver
configuration in a file under
- <tt>/etc/<var>PACKAGE</var></tt> if
+ <file>/etc/<var>PACKAGE</var></file> if
the target web server supports
drop-in configuration via a
configuration file directory (such
as the apache family of httpds'
- <tt>conf.d</tt> directories) or
+ <file>conf.d</file> directories) or
"include" configuration. In the
case of the latter, standard Debian
policy applies with respect to
@@ -457,7 +445,7 @@
<p>
Unregistering a web application should be
handled by removing the symbolic link
- in the case of <tt>conf.d</tt>-style directories.
+ in the case of <file>conf.d</file>-style directories.
In the case of "include" style directives,
standard Debian policy applies to modifying
web server configuration files.
@@ -483,9 +471,11 @@
on where to find config files
<item>
Server environment variables such as
- SERVER_NAME can be used to provide
- applications with enough information to
- find what config file/script it should use
+ <var>SERVER_NAME</var> and
+ <var>HTTP_HOST</var> can be used to
+ provide applications with enough
+ information to find what config
+ file/script it should use
<item>
For php applications under apache, one
can use "php_value auto_prepend_file"
@@ -502,10 +492,10 @@
The static and dynamically interpreted
content of a web application should be
accessable from at or underneath
- <tt>http://<var>servername</var>/<var>PACKAGE</var></tt>
+ <tt>http://<var>SERVERNAME</var>/<var>PACKAGE</var></tt>
The package's dynamically executed content may
also be accessible from
- <tt>http://<var>servername</var>/cgi-bin/<var>PACKAGE</var></tt>
+ <tt>http://<var>SERVERNAME</var>/cgi-bin/<var>PACKAGE</var></tt>
<chapt id="tools">Tools provided to help maintenance
<p>
More information about the Webapps-common-discuss
mailing list