From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 2490 invoked from network); 22 Jun 2022 09:14:01 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 22 Jun 2022 09:14:01 -0000 Received: from mail-40135.protonmail.ch ([185.70.40.135]) by 9front; Wed Jun 22 05:10:03 -0400 2022 Date: Wed, 22 Jun 2022 09:09:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me; s=protonmail3; t=1655889001; x=1656148201; bh=9yQ2ho+NLaMWLEplhMqyMX9Kd/XDkURasWqDmrx5K68=; h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID; b=qTiGrw9VVINw0Ld8bHCHxrVutxlQDydeUpJdNvFgNYXsicD1o8f3QfOKDtseXyFCc /Z/+ViJJ2VLpHr1xIPChSeRL3S3p3UGmmYg4QV1bv1atkcTlcMhonZ01zyHcV5kKXR 8YYDA6/dE99C/q4vlNwnPYWS8ovoa6qkEEIfs+SJIM1ir8jOCh4I4II0NZmWTZQRBr 5csCOY2ljSgKxIiOkOu/+lQlHcHJAlAvu46aeZ0SG4zpzoI2Vs3fV/QyrbwChlHmmP XrWONEGI8vqglWc3mjkeNkk/SFmGqXF0d0m9fJ3FJ/ESNCuZWsXbgXKrIs5teDmlam EJziGl3Yq4gdA== To: 9front@9front.org From: "planless.user9" Message-ID: In-Reply-To: References: Feedback-ID: 50494670:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: managed proxy pipelining-oriented framework Subject: Re: [9front] httpd minimal configuration Reply-To: 9front@9front.org Precedence: bulk Yes, there are really a lot of great and helpful answers written which I ap= preciate very much, thank you for these! Since I am not in a hurry, I will try to understand the source code of http= d and then use this service. If there are still difficulties, the provided tcp80 should work fine with m= inimal changes as described in this thread. thanks again for the support! ------- Original Message ------- schrieb am Mittwoch, 22. Juni 2022 um 08:= 25: > Plenty of brilliant responses here in the various threads that followed. = This might be > straight forward howerver. > > ### setup rc-httpd quick > > touch /rc/bin/rc-httpd/select-handler > #!/bin/rc > > PATH_INFO=3D$location > > switch($SERVER_NAME) { > case 172.27.0.67 > FS_ROOT=3D/usr/glenda/www/yoda > exec static-or-index > case* > error 503 > } > > touch /usr/glenda/www/yoda/index.html > touch /sys/doc/www > chgrp sys /sys/doc/www > chmod +aw www > mv /rc/bin/service/!tcp80 /rc/bin/service/tcp80 > > just replace that ip address and maybe change the directories > > This example uses glenda. You can easily create a user /usr/www and put e= verything as that > user. But keep mind that user will need permission to that service tcp80. > > I suggest experiement with this befor emoving to werc. I assure you werc = is interesting > and fun. > > Besides fqa. Here is some additional info > > http://thinktankworkspaces.com/plan9/httpd-rc > > Regards, > -Will > > > > Quoth planless.user9 planless.user9@proton.me: > > > Thank you very much moody! > > > > There are no serious reasons for my preference and the rc-httpd approac= h is also definitely an option for me. (Especially with your instructions, = which seem to be straightforward to realize.) > > > > I'm just trying to understand the system and that's why I read "Notes o= n the Plan 9tm 3rd edition Kernel Source" and "The C Programming Language".= An implementation in C would therefore play into my hands a bit (even more= so, since I have almost no experience with scripts). > > > > Many thanks again! > > > > ------- Original Message ------- > > Jacob Moody moody@mail.posixcafe.org schrieb am Dienstag, 21. Juni 2022= um 15:15: > > > > > On 6/21/22 06:58, planless.user9 wrote: > > > > > > > Thank you very much for your fast and helpful reply. > > > > > > > > I will look at the source code in that case, hoping to get a simple= web server set up. > > > > > > > > Are there concrete insecurities in the implementation of namespaces= ? > > > > > > Some thoughts: > > > First off you seemed to imply that rc-httpd had to be used with werc,= this is not the case. > > > If your goal is to just serve some static files rc-httpd on its own i= s more then capable. I would be > > > curious to hear your reasoning for preferring httpd. > > > > > > Hiro claims that namespaces are not security boundaries. I think I wo= uld agree > > > maybe 6 months ago, but some work has been done lately to change this= . > > > I'd argue that with chdev and auth/box we're in a much much nicer spo= t > > > in regards to making namespaces proper security boundaries, if you st= ill disagree > > > with this statement I would be curious to hear what you think still n= eeds changed. > > > > > > Also you mention /lib/namespace.httpd, it is expected that you custom= ize it for your > > > system, modify it to place your webroot in the right spot. > > > > > > However if you are using rc-httpd with aux/listen, there is a namespa= ce file already > > > that takes advantage of newer security features: /rc/bin/service/!tcp= 80.namespace. > > > If you would wish to use this, cp /rc/bin/!tcp80 /rc/bin/tcp80 and cp= /rc/bin/!tcp80.namespace > > > /rc/bin/tcp80.namespace, then customize as desired. > > > > > > If you need some tips on writing/reading namespace files, check names= pace(6), and the associated > > > (1) pages for commands mirrored in namespace files. > > > > > > Thanks, > > > moody