\section{Services}

\subsection{Web}
\begin{frame}
  \frametitle{Apache}
  \begin{itemize}
      \item Everyone wants Apache
      \item Apache's default configuration isn't safe for scripting
      \item Scripting \emph{requires} code execution---mod\_php, mod\_perl, mod\_python
      \item Apache normally runs everything as apache/nobody
      \item How to secure?
      \pause
      \item suEXEC---allows Apache to spawn a process as the user\ldots
      \item {\ldots}even for static content!
  \end{itemize}
\end{frame}

\begin{frame}
  \frametitle{suEXEC}
  \begin{itemize}
    \item setuid program
    \item Passed the request by Apache
    \item Verifies that the script is in the {\tt web\_scripts} directory
    \item Switches to the uid of the file and executes
    \item Even for static files!
  \end{itemize}
\end{frame}
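
The checks on the suEXEC slide, as an added example that is not part of the original slides and is not Apache's suexec source: `check_script` confirms that the canonical script path lies under the user's `web_scripts` directory and reports the file owner's uid as the identity to switch to. The names `check_script`, `touch` and `demo`, the temp-dir fixture, and the group/other-writable test are assumptions that go beyond what the slide states.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum verdict { OK = 0, BAD_PATH = 1, OUTSIDE = 2, BAD_FILE = 3 };
/* Decide whether `script` may run, and as which uid (the file's owner). */
enum verdict check_script(const char *home, const char *script, uid_t *run_as)
{
    char dir[PATH_MAX], root[PATH_MAX], real[PATH_MAX];
    struct stat st;
    snprintf(dir, sizeof dir, "%s/web_scripts", home);
    /* Canonicalise both paths so symlinks and "../" cannot escape. */
    if (!realpath(dir, root) || !realpath(script, real)) return BAD_PATH;
    size_t n = strlen(root);
    /* Require '/' right after the prefix: "web_scripts_old" is not inside. */
    if (strncmp(real, root, n) != 0 || real[n] != '/') return OUTSIDE;
    /* Regular files only, and (assumption) not writable by group/other. */
    if (stat(real, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) return BAD_FILE;
    *run_as = st.st_uid; /* a real wrapper would now setgid/setuid, then exec */
    return OK;
}

static void touch(char *out, const char *home, const char *rel)
{   /* create an empty 0700 file at home/rel and return its path in out */
    snprintf(out, PATH_MAX, "%s/%s", home, rel);
    int fd = open(out, O_CREAT | O_WRONLY, 0700);
    if (fd >= 0) close(fd);
}

/* Constructed fixture in a temp dir; returns the three verdicts as digits. */
int demo(void)
{
    char home[] = "/tmp/suexec-demo-XXXXXX", a[PATH_MAX], b[PATH_MAX], c[PATH_MAX];
    uid_t uid = (uid_t)-1;
    if (!mkdtemp(home)) return -1;
    snprintf(a, sizeof a, "%s/web_scripts", home);     mkdir(a, 0755);
    snprintf(a, sizeof a, "%s/web_scripts_old", home); mkdir(a, 0755);
    touch(b, home, "web_scripts_old/x.cgi");   /* sibling dir sharing the prefix */
    touch(c, home, "secret.cgi");              /* outside web_scripts */
    touch(a, home, "web_scripts/hello.cgi");   /* legitimate script */
    int v0 = check_script(home, a, &uid);
    if (v0 == OK && uid != geteuid()) return -2; /* owner must be the creator */
    snprintf(a, sizeof a, "%s/web_scripts/link.cgi", home);
    if (symlink(c, a) != 0) return -3;         /* symlink pointing out of the tree */
    return v0 * 100 + check_script(home, a, &uid) * 10 + check_script(home, b, &uid);
}
```

The function only decides and never changes uid, so it runs unprivileged. A privileged wrapper must also make sure the file it executes is the same one it checked, since the path can change between the check and the exec.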

\subsection{Mail}

\begin{frame}[fragile]
  \frametitle{Postfix}
  \begin{itemize}
    \item Standard Postfix server
    \item No local mailboxes
    \item All mail is passed to procmail
  \end{itemize}
  \begin{verbatim}mailbox_command = /usr/bin/procmail -t \
-a "${EXTENSION}" ~/mail_scripts/procmailrc\end{verbatim}
\end{frame}

\begin{frame}[fragile]
  \frametitle{procmail}
  \begin{itemize}
    \item Reads \verb|~/mail_scripts/procmailrc| from user's home directory
    \item Users can do whatever they want with messages
    \item AFS causes problems---No way to know if failure is temporary (file server is down) or permanent (user isn't signed up for mail scripts)
    \item All procmail failures are treated as temporary, so mail is queued
  \end{itemize}
\end{frame}

\subsection{Cron (``Shortjobs'')}

\begin{frame}[fragile]
  \frametitle{Cron (cronie)}
  \begin{itemize}
    \item Crontabs are currently stored locally on scripts servers
    \item {\tt cronload} command loads the crontabs from
      \verb|~/cron_scripts/crontab| \pause
    \item Needs improvement
    \item Cron does not fail over with Web and Mail
    \item Plan to move crontabs into AFS and do hot failover
  \end{itemize}
\end{frame}

\subsection{SQL}

\begin{frame}
  \frametitle{sql.mit.edu}
  Though scripts.mit.edu makes use of sql.mit.edu, it's a separate SIPB service with different maintainers.
  \begin{itemize}
    \item sql.mit.edu provides MySQL databases to scripts users and anyone else
    \item SQL data is stored locally, replicated across multiple servers
    \item Nightly backups go into AFS
  \end{itemize}
\end{frame}

\subsection{Version control}

\begin{frame}
  \frametitle{SVN and Git hosting}
  \begin{itemize}
    \item New service (September 2008), not well documented
    \item svn://\textit{username}.scripts.mit.edu/ and git://\textit{username}.scripts.mit.edu/
    \item Uses suEXEC to run a svnserve / git-daemon as the user
    \item /mit/\textit{username}/Scripts/\{svn,git\}
    \item git:// is read-only, so future plans for svn+ssh:// and git+ssh://
  \end{itemize}
\end{frame}