webapps running as plain user instead of www-data ?

To: debian-webapps@lists.debian.org
Subject: webapps running as plain user instead of www-data ?
From: Jérémy Lal <jerry@edagames.com>
Date: Sun, 16 May 2010 18:52:24 +0200
Message-id: <[🔎] 4BF022C8.5030703@edagames.com>

Hi,
webapps-common draft states in 3.2.1 [0] that config files
modifiable by the application must belong to www-data group.

Since now it's easy (with e.g. spawn-fcgi) to setup fastcgi
backends as a plain user, web apps don't have to be run as
www-data.

Potential benefits :
- one application can't access sensible files of another
  application running as www-data.
- provides an easy way to limit resource usage by
  each web app, since it's bound to one user.

Along these lines, i wonder if a common scheme for user naming
could be defined (something like www-data-mywebapp).

Any opinions about that ?

regards,
Jérémy Lal


[0]
http://webapps-common.alioth.debian.org/draft/html/ch-issues.html#s-issues-conf-perm

Reply to:

Follow-Ups:
- Re: webapps running as plain user instead of www-data ?
  - From: Tanguy Ortolo <tanguy+debian@ortolo.eu>
- Re: webapps running as plain user instead of www-data ?
  - From: sean finney <seanius@debian.org>
- Re: webapps running as plain user instead of www-data ?
  - From: Paul Wise <pabs@debian.org>

Prev by Date: few questions
Next by Date: Re: webapps running as plain user instead of www-data ?
Previous by thread: few questions
Next by thread: Re: webapps running as plain user instead of www-data ?
Index(es):
- Date
- Thread