I've been running a production site from my home directory, and it's about time I change that.
Are there suggested setup locations and/or permissions to run hunchentoot from a shared directory? I'm sure there are many ways to do it, but I thought I'd ask those of you who have perhaps encountered and dealt with some unforeseen issues and would share that with us.
Jonathon McKitrick wrote:
> I've been running a production site from my home directory, and it's about time I change that.
> Are there suggested setup locations and/or permissions to run hunchentoot from a shared directory?
Going with time-honored (!) GNU/Linux practice, I would suggest:
- Lisp subsystem (base image and system libraries) installed in a system directory, such as /usr if managed through the system package manager, /usr/local or /opt otherwise; in any case owned by root and not writable by others;
- Website-specific files (both lisp files defining handlers and static files) under /var/www or /srv; owned by root and not writable by others, with the exception of the directories (if any) where the application should write (directory for uploaded files, etc.)
alternatively, the lisp files might go in /usr/local/cgi-bin or such;
- Hunchentoot system files (= Edi's distribution, if unmodified) in a local system directory (/usr/local or such), preferably one advocated by the particular Lisp subsystem; same permissions as above;
alternatively, they might be installed together with the website-specific lisp files;
- Make the Hunchentoot server do a chuid to a user created for the purpose, with password and login shell disabled; this user should only have write access if and where appropriate (upload directory, etc.)
This assumes that you're not running it inside a chroot and that the Lisp subsystem manages compiled files on its own, usually somewhere in /var; otherwise things get ugly pretty fast ;-)
Tobia
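
One way to check a deployed tree against the layout suggested in the reply above, as an added example that is not part of the original thread. The site path, the `uploads` directory and the `hunchentoot` account name are placeholders, and the account check looks at the login shell only, not the password field.

```shell
#!/bin/sh
# Added example: audit a deployed site against the layout suggested above.
# Assumed names (not from the thread): /srv/mysite, the "uploads" directory
# and the "hunchentoot" account are placeholders.

# audit_tree ROOT OWNER [WRITABLE_DIR...]
# Lists paths under ROOT that are not owned by OWNER or are writable by group
# or others, skipping each WRITABLE_DIR (relative to ROOT) the application is
# meant to write to. Returns 0 when nothing is found, 1 otherwise.
audit_tree() {
    root=${1%/}; owner=$2; shift 2
    n=$#
    # Turn each remaining argument into "-path ROOT/DIR -prune -o" for find.
    while [ "$n" -gt 0 ]; do
        d=$1; shift
        set -- "$@" -path "$root/$d" -prune -o
        n=$((n - 1))
    done
    # Symlinks usually report mode 777, so they are not reported here.
    bad=$(find "$root" "$@" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# login_disabled USER [PASSWD_FILE]
# Returns 0 when USER's login shell is a nologin/false binary. Reads a
# passwd-format file (default /etc/passwd), so it only sees local accounts.
login_disabled() {
    shell=$(awk -F: -v u="$1" '$1 == u { print $7 }' "${2:-/etc/passwd}")
    case $shell in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Typical use as root (placeholder paths and account):
#   audit_tree /srv/mysite root uploads && login_disabled hunchentoot
```

The pruned directories are not inspected at all, so their own ownership (the service account) still needs a separate look.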