[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Making files readable for the webserver

On Thu, Jul 26, 2001 at 03:05:30PM +0200, Simon Richter wrote:
> On Thu, 26 Jul 2001, Alex Pennace wrote:
> [Files that need to be readable by the webserver]
> > Debian Policy Manual section 11.9 says that files "should be owned by
> > root.root, and made writable only by the owner and universally
> > readable (and executable, if appropriate), that is mode 644 or 755."
> 
> > Could you provide more details if this stock answer isn't
> > satisfactory?
> 
> The problem is that some of the files can get installed 600 root.root on
> some systems (no idea why, umask is 002 and the files get created by
> redirecting shell output) and I need to fix that in the postinst even for
> existing installations. For that, I need the definition of "readable by
> the webserver". I also think 644 root.root is okay, but I just wanted to
> make sure (policy doesn't contain the word "www-data" according to grep).

In that case I recommend following the spirit of policy, and try to
make them as readable as possible, provided they don't contain any
sensitive information like passwords.

> I'll go for
> 
> if dpkg --compare-versions $2 ge 0.1.6-3; then
> 	if dpkg --compare-versions $2 lt 0.1.6-6; then
> 		for i in $conffiles; do
> 			chown root:root $i
> 			chmod 644 $i

That seems fair.
Reply to: