2013/12/24 Jerry Stuckle <jstuckle@attglobal.net>
On 12/24/2013 10:37 AM, Raffaele Morelli wrote:
<snip>
Are you kidding? Apache writes and creates everything you want if
directory/file permissions are designed for it and that is what
you want.
Incorrect. Apache writes or creates NOTHING. The web server user
can create and write files from a script, but it is not Apache doing it.
Do we have to use strict jargon? Of course it is not Apache but the httpd
process; that is what the whole thread is referring to.
I agree with the others. User-created files should never be owned
by root. On my servers, files are owned by the person doing the
uploading (which is NOT www-data) and are accessed read-only by
group permissions (with www-data being a member of the group).
On local systems, files are owned by the user creating the files
(again, not www-data), and accessed via the group.
Again, the www-data user can safely be the owner of everything in the
webroot. Just think of phpMyAdmin: there's nothing unsafe in www-data
being the owner because it's an app. The same applies, e.g., for Drupal,
where a user might be allowed to write his own module and be the owner
while www-data has group access with r-x permissions.
Having user files owned by root means they can only be edited by
root (unless you extend the group permissions - in which case
www-data can also change the permissions). And you should only use
root when you need to change system configurations, update packages,
etc. Not for general user file editing.
Jerry
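
An added example, not part of the thread: a POSIX shell audit that checks a webroot against the scheme described above (files owned by the uploading user, read-only access for the web server through the group). The web server user name www-data comes from the thread; the function names, finding labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a webroot against the scheme
# Jerry describes. Assumption: the web server runs as www-data.

# report LABEL FIND-ARGS... : one "LABEL<TAB>path" line per match under $root
report() {
    label=$1; shift
    find "$root" "$@" -exec printf '%s\t%s\n' "$label" {} \;
}

# audit_webroot ROOT [WEB_USER]
audit_webroot() {
    root=$1
    web_user=${2:-www-data}
    # Root-owned content can only be edited as root.
    report OWNED_BY_ROOT -user root
    # Content owned by the web server user can be rewritten by any
    # script the server runs. Skipped if that user does not exist here.
    if id -u "$web_user" >/dev/null 2>&1; then
        report OWNED_BY_WEB_USER -user "$web_user"
    fi
    # The web server reaches files through the group, so the group must be
    # able to read but not write; nobody outside the group may write.
    report GROUP_WRITABLE \( -type f -o -type d \) -perm -020
    report WORLD_WRITABLE \( -type f -o -type d \) -perm -002
    report NO_GROUP_READ  \( -type f -o -type d \) ! -perm -040
}

# Constructed sample tree; prints its path.
make_demo_tree() {
    d=$(mktemp -d)
    chmod 750 "$d"
    : > "$d/index.php";  chmod 640 "$d/index.php"   # matches the scheme
    : > "$d/upload.php"; chmod 660 "$d/upload.php"  # group can modify
    : > "$d/notes.txt";  chmod 666 "$d/notes.txt"   # anyone can modify
    : > "$d/draft.txt";  chmod 600 "$d/draft.txt"   # web server cannot read
    printf '%s\n' "$d"
}

tree=$(make_demo_tree)
audit_webroot "$tree"
rm -rf "$tree"
```

An empty result from `audit_webroot` means every file and directory under the given root fits the owner-plus-read-only-group layout.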