source: trunk/locker/doc/cluedump/services.tex

Last change on this file was 1648, checked in by ezyang, 14 years ago
Add cluedump slide sources to Subversion.
File size: 2.9 KB
RevLine 
[1648]1\section{Services}
2
3\subsection{Web}
4\begin{frame}
5  \frametitle{Apache}
6  \begin{itemize}
7      \item Everyone wants Apache
8      \item Apache's default configuration isn't safe for scripting
9      \item Scripting \emph{requires} code execution---mod\_php, mod\_perl, mod\_python
10      \item Apache normally runs everything as apache/nobody
11      \item How to secure?
12      \pause
13      \item suEXEC---allows Apache to spawn a process as the user\ldots
14      \item {\ldots}even for static content!
15  \end{itemize}
16\end{frame}
17
18\begin{frame}
19  \frametitle{suEXEC}
20  \begin{itemize}
21    \item setuid program
22    \item Passed the request by Apache
23    \item Verifies that the script is in the {\tt web\_scripts} directory
24    \item Switches to the uid of the file and executes
25    \item Even for static files!
26  \end{itemize}
27\end{frame}
28
29\subsection{Mail}
30
31\begin{frame}[fragile]
32  \frametitle{Postfix}
33  \begin{itemize}
34    \item Standard Postfix server
35    \item No local mailboxes
36    \item All mail is passed to procmail
37  \end{itemize}
38  \begin{verbatim}mailbox_command = /usr/bin/procmail -t \
39-a "${EXTENSION}" ~/mail_scripts/procmailrc\end{verbatim}
40\end{frame}
41
42\begin{frame}[fragile]
43  \frametitle{procmail}
44  \begin{itemize}
45    \item Reads \verb|~/mail_scripts/procmailrc| from user's home directory
46    \item Users can do whatever they want with messages
47    \item AFS causes problems---No way to know if failure is temporary (file server is down) or permanent (user isn't signed up for mail scripts)
48    \item All procmail failures are treated as temporary, so mail is queued
49  \end{itemize}
50\end{frame}
51
52\subsection{Cron (``Shortjobs'')}
53
54\begin{frame}[fragile]
55  \frametitle{Cron (cronie)}
56  \begin{itemize}
57    \item Crontabs are currently stored locally on scripts servers
58    \item {\tt cronload} command loads the crontabs from
59      \verb|~/cron_scripts/crontab| \pause
60    \item Needs improvement
61    \item Cron does not fail over with Web and Mail
62    \item Plan to move crontabs into AFS and do hot failover
63  \end{itemize}
64\end{frame}
65
66\subsection{SQL}
67
68\begin{frame}
69  \frametitle{sql.mit.edu}
70  Though scripts.mit.edu makes use of sql.mit.edu, it's a separate SIPB service with different maintainers.
71\begin{itemize}
72\item sql.mit.edu provides MySQL databases to scripts users and anyone else
73\item SQL data is stored locally, replicated across multiple servers
74\item Nightly backups go into AFS
75\end{itemize}
76\end{frame}
77
78\subsection{Version control}
79
80\begin{frame}
81  \frametitle{SVN and Git hosting}
82  \begin{itemize}
83    \item New service (September 2008), not well documented
84    \item svn://\textit{username}.scripts.mit.edu/ and git://\textit{username}.scripts.mit.edu/
85    \item Uses suEXEC to run a svnserve / git-daemon as the user
86    \item /mit/\textit{username}/Scripts/\{svn,git\}
87    \item git:// is read-only, so future plans for svn+ssh:// and git+ssh://
88  \end{itemize}
89\end{frame}
Note: See TracBrowser for help on using the repository browser.