On 12/24/2013 04:37 AM, Reco wrote:
> Hi.
>
> On Tue, 24 Dec 2013 09:59:39 +0100
> Raffaele Morelli <raffaele.morelli@gmail.com> wrote:
>> Yes, I missed this point.
>>
>> BTW, as I don't want to rewrite someone else's system security rules, let's
>> say that: MY best practice is to have www-data or any other NON-root user
>> as the scripts owner.
>
> So, basically you're allowing any php script to rewrite any php script
> with arbitrary contents. An interesting policy, to say the least.
>
> Reco
>
I'll say this much, there's nothing wrong with setting a non-root user
as owner, provided www-data (or whoever apache/php runs as) can't write
to the file(s). I've seen and done it before.
While a good discussion can be had about root vs alt-user ownership,
let's not lose sight of the main point here: Don't let the process
*serving* the files have *write* access to them unless absolutely
necessary.
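
The rule in the message above can be checked mechanically. The following is an added example, not code from the thread: it walks a document root and lists every file or directory the serving identity could modify, judged by classic Unix mode bits only. The function names, the sample tree and the stand-in uid are assumptions; ACLs and read-only mounts are not considered.

```python
import os
import stat
import tempfile


def can_write(st, uid, gids):
    """Classic Unix mode-bit check for one stat result (no ACLs, no mount flags)."""
    if uid == 0:
        return True                      # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit(docroot, uid, gids):
    """Return sorted paths under docroot that the serving identity could modify."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        # A writable directory lets the process add or replace scripts in it.
        if can_write(os.lstat(dirpath), uid, gids):
            findings.append(dirpath + os.sep)
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and can_write(st, uid, gids):
                findings.append(path)
    return sorted(findings)


def demo():
    """Constructed sample tree; returns flagged entries relative to the tree."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("index.php", 0o644), ("config.php", 0o646)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample\n")
            os.chmod(path, mode)
        os.chmod(root, 0o755)
        owner = os.lstat(root).st_uid
        serving_uid = owner + 1000       # stand-in for www-data: not owner, not root
        return [os.path.relpath(p, root) for p in audit(root, serving_uid, set())]


if __name__ == "__main__":
    print(demo())
```

On a real host, pass the uid and group ids of the account apache/php runs as; an empty result means ownership by a non-root user is not giving that account write access.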