| Messju Mohr 2004-03-27, 12:31 am |
| On Sun, Mar 21, 2004 at 09:37:20PM +0100, Jochen Kaechelin wrote:
> Hello list,
>
> I'am running debian/sid and smarty 2.6.2 and I have the following
> question:
>
> I will give all clients a _smarty directory which include a
> template and a config directory.
>
> clientname:www-data templates (chmod 0770)
> clientname:www-data configs (chmod 0770)
>
> My question is, if it is a good idea to create a global templates_c
> and cache directory under /usr/share/php/smarty/
no, you need a distinct templates_c and cache directory for each
templates directory you have.
> www-data:www-data templates_c (chmod 0700)
> www-data:www-data cache (chmod 0700)
>
> when I will create a templates_c directory under the users
> _smarty directory everybody can view the contents of the compiled
> scripts by typing
>
> www.clientdomain.de/_smarty/templates_c/templatename
>
> What's the best, most secure way to install smarty globally for
> several clients?
I think It's best to create a htdocs directory for each client (that
actually is the webroot) and a phptmp directory that is outside of the
webroot and can contain data like uploaded files (php's
"upload_tmp_dir"), session data (php's "session.save_path") and
smarty's templates_c and cache.
that's the minimum of separation you should do.
if you want to go furhter, you can use php as a cgi-binary instead of
a apache-module, then you are able to run the php-code of each
subdomain with an indivdual uid (the one of the client for example).
or you can provide an individual chroot-jailed apache for each client.
the latter two ways are much more resource-intensive than
mod_php. that means you cannot put that many clients on one machine
anymore, that means hardware-costs per client are higher.
which way you go depends on factors like: how much do you trust your
customers. how much do your customers trust each other. how much do
they want to pay for additional security.
greetings
messju
> Thanx
>
> --
> Jochen
|