[php-maint] Bug#674091: Bug#674091: php5: support configuration sets
Ondřej Surý
ondrej at debian.org
Wed May 23 10:21:31 UTC 2012
forcemerge 505743 674091
thank you
/etc/php5/[SAPI]/conf.d is already used, so I don't really understand,
what do you really propose? Have you checked the actual configuration
before filling this bug?
# php5 --ini
Configuration File (php.ini) Path: /etc/php5/cli
Loaded Configuration File: /etc/php5/cli/php.ini
Scan for additional .ini files in: /etc/php5/cli/conf.d
Additional .ini files parsed: /etc/php5/cli/conf.d/10-pdo.ini
/etc/php5/[SAPI]/conf.d/ is really a symlink to ../conf.d/, but that
can be easily changed by local administrator.
We will ship wheezy with just this enhancement (php5{en,dis}mod), and
re-think if we can make the SAPIxEXT matrix easy enough to handle.
And you are of course free to create whatever messy config directory
structure you like.
O.
P.S.: Ignoring the 'oh-PHP-is-so-insecure' rant...
On Wed, May 23, 2012 at 3:26 AM, Christoph Anton Mitterer
<calestyo at scientia.net> wrote:
> Package: php5
> Severity: wishlist
>
>
> Hi.
>
> This is basically regardless of the choosen SAPI, although it may
> make the most sense with CGI.
>
> Given that PHP is so inherently insecure, it's reasonable to tighten
> the PHP configuration for each PHP program (e.g. forum, davical, etc.)
> as far as possible.
> On should also choose to execute each PHP program under a different
> user, which is why the apache php module and FastCGI are really
> horrible from a security point of view.
>
> Nevertheless....
>
> 1) Given that you've introduced /etc/php5/mods-available
> I'd like to propose the following changes/definitions:
> - /etc/php5/[SAPI]/
> contains _GLOBAL_ configuration for the respective SAPI
> which is (directly, in the sense of the file pathname) read by php.
> most notably, of course, the respective php.ini
>
> - /etc/php5/mods-available
> contains config snippets from modules
> which are NOT (directly) read by php.
>
> - /etc/php5/conf.d
> should be dropped and moved to /etc/php5/[SAPI]/conf.d
>
> That has the advantage that all config is in one tree.
> If no modifications are required for a given SAPI, on can simply
> symlink to the respective files in mods-available.
>
>
> Now php may be used in many places, not just webservers... and even if
> used in a webserver... there may be differen PHP configuration for
> different URI spaces (even in the same vhost).
>
> Therefore, while the above /etc/php5/[SAPI]/ contains all default configs/modules:
> - /etc/php5/custom/ should be a tree where the user is allowed to add any
> non default configuration used anywhere.
> I have for example something like:
> ├── custom
> │ └── www
> │ └── virtual-hosts
> │ └── example.org
> │ ├── forum
> │ │ ├── cgi
> │ │ │ ├── php.local.ini -> ../php.local.ini
> │ │ │ ├── suhosin.ini -> ../suhosin.ini
> │ │ │ └── suhosin.local.ini -> ../suhosin.local.ini
> │ │ ├── php.local.ini
> │ │ ├── suhosin.ini -> /etc/php5/conf.d/suhosin.ini
> │ │ └── suhosin.local.ini
> │ └── calendars
> │ ├── cgi
> │ │ ├── pdo.ini -> ../pdo.ini
> │ │ ├── pdo_pgsql.ini -> ../pdo_pgsql.ini
> │ │ ├── pgsql.ini -> ../pgsql.ini
> │ │ ├── php.local.ini -> ../php.local.ini
> │ │ ├── suhosin.ini -> ../suhosin.ini
> │ │ └── suhosin.local.ini -> ../suhosin.local.ini
> │ ├── pdo.ini -> /etc/php5/conf.d/pdo.ini
> │ ├── pdo_pgsql.ini -> /etc/php5/conf.d/pdo_pgsql.ini
> │ ├── pgsql.ini -> /etc/php5/conf.d/pgsql.ini
> │ ├── php.local.ini
> │ ├── suhosin.ini -> /etc/php5/conf.d/suhosin.ini
> │ └── suhosin.local.ini
>
>
> with different php.inis and differen module configs for differen paths.
>
>
> As I noted in a recent bug, the PHP_INI_SCAN_DIR which you set per default
> now to /etc/php5/conf.d can be used to point to these directories
> where custom configuration can be applied.
> If the user resets PHP_INI_SCAN_DIR that default (/etc/php5/conf.d)
> will no longer be read...
>
>
> Cheers,
> Chris.
>
>
>
>
>
>
>
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.2.17-heisenberg (SMP w/2 CPU cores; PREEMPT)
> Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
--
Ondřej Surý <ondrej at sury.org>
More information about the pkg-php-maint
mailing list