[hunchentoot-devel] Where to set up a shared hunchentoot directory
Tobia
tobia.conforto at linux.it
Tue Feb 20 18:09:24 UTC 2007
Jonathon McKitrick scrisse:
> I've been running a production site from my home directory, and it's
> about time I change that.
>
> Are there suggested setup locations and/or permissions to run
> hunchentoot from a shared directory?
Going with time-honored (!) GNU/Linux practice, I would suggest:
- Lisp subsystem (base image and system libraries) installed in a system
directory, such as /usr if managed through the system package manager,
/usr/local or /opt otherwise; in any case owned by root and not
writable by others;
- Website-specific files (both lisp files defining handlers and static
files) under /var/www or /srv; owned by root and not writable by
others, with the exception of the directories (if any) where the
application should write (directory for uploaded files, etc.)
alternatively, the lisp files might go in /usr/local/cgi-bin or such;
- Hunchentoot system files (= Edi's distribution, if unmodified) in a
local system directory (/usr/local or such), preferably one advocated
by the particular Lisp subsystem; same permissions as above;
alternatively, they might be installed together with the website-
specific lisp files;
- Make the Hunchentoot server do a chuid to a user created for the
purpose, with password and login shell disabled; this user should only
have write access if and where appropriate (upload directory, etc.)
This assumes that you're not running it inside a chroot and that the
Lisp subsystem manages compiled files on its own, usually somewhere in
/var; otherwise things get ugly pretty fast ;-)
Tobia
More information about the Tbnl-devel
mailing list