webapps running as plain user instead of www-data ?
Hi,
webapps-common draft states in 3.2.1 [0] that config files
modifiable by the application must belong to www-data group.
Since now it's easy (with e.g. spawn-fcgi) to setup fastcgi
backends as a plain user, web apps don't have to be run as
www-data.
Potential benefits :
- one application can't access sensible files of another
application running as www-data.
- provides an easy way to limit resource usage by
each web app, since it's bound to one user.
Along these lines, i wonder if a common scheme for user naming
could be defined (something like www-data-mywebapp).
Any opinions about that ?
regards,
Jérémy Lal
[0]
http://webapps-common.alioth.debian.org/draft/html/ch-issues.html#s-issues-conf-perm
Reply to: