[389-devel] various admin server stuff

I'd like to move mod_admserv and mod_restartd into the admin.git repo as sub-directories. I couldn't figure out a way to migrate the CVS history data into a git subdirectory, so I was thinking about just copying the files in there with no history. Is this ok? We can always refer back to the old CVS repo if we need to see history.

It turns out we can't get rid of mod_restartd and use mod_suexec. mod_suexec explicitly forbids running CGIs as root, so we can't use that to start the servers. I don't really like the fact that we have to support this module for the sole purpose of being able to remotely start, restart, and create instances of servers that run on low ports. For one, mod_restartd is and always will be a security nightmare waiting to happen - it is just a bad, bad idea to execute CGIs as root (or run the admin server as root). For another, usually init or something like daemontools does a much better job of making sure remote servers are running (e.g. restarting after a crash). You always have to run setup-ds-admin.pl when installing on a remote system, and that creates the directory server instance, so I'm not really sure how useful it is to be able to remotely create instances. I'd like to propose that we make this feature optional (that is, can build admin server without it) and possibly get rid of it altogether.

I would also like to relax the requirement that we have to use the threaded model Apache. The only reason we require this is because mod_admserv caches the auth credentials and ACIs in memory, in case you need to perform a task while the config DS is down (e.g. like start or restart). There are a few changes required to mod_admserv to relax this restriction.
