From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 13974 invoked from network); 22 Jun 2022 06:29:35 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 22 Jun 2022 06:29:35 -0000 Received: from maat.thinktankworkspaces.com ([45.79.94.76]) by 9front; Wed Jun 22 02:25:17 -0400 2022 Message-ID: To: 9front@9front.org Date: Tue, 21 Jun 2022 23:25:15 -0700 From: william@thinktankworkspaces.com In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: flexible just-in-time method component module Subject: Re: [9front] httpd minimal configuration Reply-To: 9front@9front.org Precedence: bulk Plenty of brilliant responses here in the various threads that followed. This might be straight forward howerver. ### setup rc-httpd quick touch /rc/bin/rc-httpd/select-handler #!/bin/rc PATH_INFO=$location switch($SERVER_NAME) { case 172.27.0.67 FS_ROOT=/usr/glenda/www/yoda exec static-or-index case* error 503 } touch /usr/glenda/www/yoda/index.html touch /sys/doc/www chgrp sys /sys/doc/www chmod +aw www mv /rc/bin/service/!tcp80 /rc/bin/service/tcp80 just replace that ip address and maybe change the directories This example uses glenda. You can easily create a user /usr/www and put everything as that user. But keep mind that user will need permission to that service tcp80. I suggest experiement with this befor emoving to werc. I assure you werc is interesting and fun. Besides fqa. Here is some additional info http://thinktankworkspaces.com/plan9/httpd-rc Regards, -Will Quoth planless.user9 : > Thank you very much moody! > > There are no serious reasons for my preference and the rc-httpd approach is also definitely an option for me. (Especially with your instructions, which seem to be straightforward to realize.) > > I'm just trying to understand the system and that's why I read "Notes on the Plan 9tm 3rd edition Kernel Source" and "The C Programming Language". An implementation in C would therefore play into my hands a bit (even more so, since I have almost no experience with scripts). > > Many thanks again! > > ------- Original Message ------- > Jacob Moody schrieb am Dienstag, 21. Juni 2022 um 15:15: > > > > On 6/21/22 06:58, planless.user9 wrote: > > > > > Thank you very much for your fast and helpful reply. > > > > > > I will look at the source code in that case, hoping to get a simple web server set up. > > > > > > Are there concrete insecurities in the implementation of namespaces? > > > > > > Some thoughts: > > First off you seemed to imply that rc-httpd had to be used with werc, this is not the case. > > If your goal is to just serve some static files rc-httpd on its own is more then capable. I would be > > curious to hear your reasoning for preferring httpd. > > > > Hiro claims that namespaces are not security boundaries. I think I would agree > > maybe 6 months ago, but some work has been done lately to change this. > > I'd argue that with chdev and auth/box we're in a much much nicer spot > > in regards to making namespaces proper security boundaries, if you still disagree > > with this statement I would be curious to hear what you think still needs changed. > > > > Also you mention /lib/namespace.httpd, it is expected that you customize it for your > > system, modify it to place your webroot in the right spot. > > > > However if you are using rc-httpd with aux/listen, there is a namespace file already > > that takes advantage of newer security features: /rc/bin/service/!tcp80.namespace. > > If you would wish to use this, cp /rc/bin/!tcp80 /rc/bin/tcp80 and cp /rc/bin/!tcp80.namespace > > /rc/bin/tcp80.namespace, then customize as desired. > > > > If you need some tips on writing/reading namespace files, check namespace(6), and the associated > > (1) pages for commands mirrored in namespace files. > > > > Thanks, > > moody >