
Re: Where does 'www-data' come from?

In article <19990120203523.F4225@hairnet.demon.co.uk> you write:
>On Wed, 20 Jan, 1999, Brian May wrote:
>> Maybe the web files should be owned by "www-data" and the web
>> process should be owned by "www" or "httpd"? This way the
>> descriptive names continue to make sense. Practically
>> speaking, it is probably just as good to make web files
>> owned by root, however, then the name "www-data" won't
>> be the owner of any data.
>Would not work, the users on my machine who are allowed to edit the web pages
>are members of the www-data group, do you suggest I make them members of root?

I think you are confused...

I suggested two ideas (I will present groups and users in user:group
format to prevent further confusion):

1. web files owned by www-data:www-data (ie no group change), and the
web process executed by www:www (for instance). There is no need for
users to be members of root. This would require an extra UID and GID.

2. I was thinking that it would be even simpler to make web files
owned by root:www-data (ie still no group change), as I consider
groups to be completely separate to users, and this makes fewer users
to maintain.  This would have the advantage that the webserver could
still be executed by www-data:root (although it might be confusing because
this www-data would access the data and not own it). It isn't as obvious
as 1. above though as GID!=UID.

Having the web server owned by a different user and group to that
of the files is so that if somebody breaks into the server (eg via
a buggy CGI script) they cannot tamper with the web files.
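The separation described in the message above can be checked by listing which paths under a document root the web server's identity is able to modify. The following is an added example, not part of the original post: `can_write`, `audit` and `demo` are hypothetical names, the file tree and the simulated UIDs and GIDs are constructed, and only classic mode bits are considered (no ACLs).

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Unix mode-bit check: only one class applies (owner, else group, else other)."""
    if uid == 0:
        return True  # root is not restricted by mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(docroot, uid, gids):
    """Paths under docroot that a process running as (uid, gids) could modify.
    Writable directories count: their entries can be replaced or removed."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            if can_write(st, uid, gids):
                findings.append(os.path.relpath(path, docroot))
    return sorted(findings)

def demo():
    """Constructed docroot; server identities are simulated relative to the real owner."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("index.html", 0o644), ("shared.html", 0o664),
                           ("upload.tmp", 0o666)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(root, 0o755)
        st = os.lstat(root)
        other_uid, other_gid = st.st_uid + 1000, st.st_gid + 1000
        return {
            "separate user and group": audit(root, other_uid, {other_gid}),
            "separate user, shares file group": audit(root, other_uid, {st.st_gid}),
        }

if __name__ == "__main__":
    for layout, paths in demo().items():
        print(layout, "->", paths or "nothing writable")
```

A file with mode 0664 is writable by any process in its group, so the audit reports it whenever the server runs with that group.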
