On 2004-05-07 at 18:35 +0300, Odhiambo G. Washington wrote:
> I have some space and I'd like to create a mirror in Kenya.
> I wanted to find out the best way to do it. After reading about rsync,
> I wonder if the below would suffice, apart from the ftp dir mapping in httpd:
> /usr/local/bin/rsync -vvaW --stats --delete --timeout=600 ftp.exim.org::ftp $EXIM_FTP_DIR
> How do the others do it? Just comparing notes ;-(
ftp.demon.nl uses:
rsync -rlpt
ftp.exim.org::ftp /pub/mirrors/exim
in the crontab of a non-privileged user.
> chown -R www:www $EXIM_DIR
You also probably do _not_ want to do that chown!
If the web-server is running as user www:www, then anything which is
writably by www:www will be modifiable by any CGI script not running as
another user, or by any compromise of the web-server. Let the Unix
kernel work for you, to provide layered defense. Have the contents be
owned by another user and readable by www:www.
--
Phil Pennock, Senior Systems Administrator, Demon Internet Netherlands
NL Sales: +31 20 422 20 00 Thus Plc NL Support: 0800 33 6666 8
