\section{Services}

\subsection{Web}
\begin{frame}
\frametitle{Apache}
\begin{itemize}
\item Everyone wants Apache
\item Apache's default configuration isn't safe for scripting
\item Scripting \emph{requires} code execution---mod\_php, mod\_perl, mod\_python
\item Apache normally runs everything as apache/nobody
\item How to secure?
\pause
\item suEXEC---allows Apache to spawn a process as the user\ldots
\item {\ldots}even for static content!
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{suEXEC}
\begin{itemize}
\item setuid program
\item Passed the request by Apache
\item Verifies that the script is in the {\tt web\_scripts} directory
\item Switches to the uid of the file and executes
\item Even for static files!
\end{itemize}
\end{frame}
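
The checks on the suEXEC slide, sketched as an added example (not Apache's suexec.c and not the scripts.mit.edu build): canonicalise the request, confirm it lies under the user's web\_scripts directory, then drop to the file owner's uid and gid before exec. The function names, the min\_uid floor and the mode-bit rules are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added illustration, not Apache's suexec.c. min_uid is an assumed policy
 * floor; resolved must hold PATH_MAX bytes and receives the canonical path. */
int check_target(const char *home, const char *request, uid_t min_uid,
                 char *resolved, uid_t *uid, gid_t *gid)
{
    char dir[PATH_MAX], root[PATH_MAX];
    struct stat st;
    if (snprintf(dir, sizeof dir, "%s/web_scripts", home) >= (int)sizeof dir)
        return -1;
    /* Canonicalise both paths so symlinks and ".." cannot escape. */
    if (!realpath(dir, root) || !realpath(request, resolved))
        return -1;
    size_t n = strlen(root);
    if (strncmp(resolved, root, n) != 0 || resolved[n] != '/')
        return -1;                      /* not inside web_scripts */
    if (stat(resolved, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    /* Assumed extra rules: no setuid/setgid, no group/other write, uid floor. */
    if ((st.st_mode & (S_ISUID | S_ISGID | S_IWGRP | S_IWOTH)) ||
        st.st_uid < min_uid)
        return -1;
    *uid = st.st_uid; *gid = st.st_gid;
    return 0;
}

/* Drop to the file owner and exec. Groups go first: after setuid() the
 * process no longer has the privilege to change them. */
int run_as_owner(const char *home, const char *request, uid_t min_uid,
                 char *const argv[])
{
    char path[PATH_MAX];
    uid_t uid; gid_t gid;
    if (check_target(home, request, min_uid, path, &uid, &gid) != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;                      /* privilege drop did not stick */
    execv(path, argv);
    return -1;                          /* reached only if execv failed */
}
```

run\_as\_owner only succeeds when the wrapper starts with root privileges, which is why the real program is installed setuid; check\_target can be exercised as any user.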

\subsection{Mail}

\begin{frame}[fragile]
\frametitle{Postfix}
\begin{itemize}
\item Standard Postfix server
\item No local mailboxes
\item All mail is passed to procmail
\end{itemize}
\begin{verbatim}mailbox_command = /usr/bin/procmail -t \
-a "${EXTENSION}" ~/mail_scripts/procmailrc\end{verbatim}
\end{frame}

\begin{frame}[fragile]
\frametitle{procmail}
\begin{itemize}
\item Reads \verb|~/mail_scripts/procmailrc| from user's home directory
\item Users can do whatever they want with messages
\item AFS causes problems---No way to know if failure is temporary (file server is down) or permanent (user isn't signed up for mail scripts)
\item All procmail failures are treated as temporary, so mail is queued
\end{itemize}
\end{frame}

\subsection{Cron (``Shortjobs'')}

\begin{frame}[fragile]
\frametitle{Cron (cronie)}
\begin{itemize}
\item Crontabs are currently stored locally on scripts servers
\item {\tt cronload} command loads the crontabs from
\verb|~/cron_scripts/crontab| \pause
\item Needs improvement
\item Cron does not fail over with Web and Mail
\item Plan to move crontabs into AFS and do hot failover
\end{itemize}
\end{frame}

\subsection{SQL}

\begin{frame}
\frametitle{sql.mit.edu}
Though scripts.mit.edu makes use of sql.mit.edu, it's a separate SIPB service with different maintainers.
\begin{itemize}
\item sql.mit.edu provides MySQL databases to scripts users and anyone else
\item SQL data is stored locally, replicated across multiple servers
\item Nightly backups go into AFS
\end{itemize}
\end{frame}

\subsection{Version control}

\begin{frame}
\frametitle{SVN and Git hosting}
\begin{itemize}
\item New service (September 2008), not well documented
\item svn://\textit{username}.scripts.mit.edu/ and git://\textit{username}.scripts.mit.edu/
\item Uses suEXEC to run a svnserve / git-daemon as the user
\item /mit/\textit{username}/Scripts/\{svn,git\}
\item git:// is read-only, so future plans for svn+ssh:// and git+ssh://
\end{itemize}
\end{frame}