[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Where does 'www-data' come from?

In article <[🔎] 19990122035533.A5499@skynet.e.ruhr.de> you write:
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: quoted-printable
>On Fri, Jan 22, 1999 at 09:39:18AM +1100, Brian May wrote:
>> The only thing my proposal changed was the UID and the GID of the web
>> server, so that the web server doesn't have write access to the web
>> files. It most cases, it is not required that the web server have
>> write access to its files, and in those cases where it is required
>> (eg if CGI scripts need to be able to modify HTML files), then
>> you can change the UID and/or GID of those individual files.
>But shouldn't it be www:www-data? Or at least put www into group www-data
>by default if you want to change it. Then you can just chmod g+w if you
>want write access to some HTML-Files/directories. And the httpd server
>should be able to read his HTML-files if you ask me :-) even if they are
>not world-readable.

I think you want something that I didn't cater for - non-world readable
HTML files.

I think that there are numerous conflicting demands, and if you want
everything, then it is impossible with the simple UID/GID permissions of

1) I think you are saying you don't want the Web files world readable -
this isn't an issue for me, but might be an issue if data is password
protected, etc. This means that the files can only be modified by
the UID and/or GID. Valid & usable permissons would be rw-rw---- or

2) If you prevent write access by the GID but allow read access (ie
rw-r----), then the web process can read it using the same GID but can't
modify it. However, only the UID can modify the files, and this is not
good enough for many situations.

3) If you allow write access by the GID (ie rw-rw----), then everyone in
the group can modify it. However, if the webserver also shares this GID,
then it can modify them to, making any change completely pointless. So
in order for this to work, the UID:GID of the server would have to be
different, making the permissions rw-rw-r--, and ignoring 1).

4) Ideally, there should be a way to associate to GID for each
web file (one ServerGID which has no write permission and one DataGID
which was write permissions), however, this is currently not a
valid option. I believe ACL (access control lists) will by able
to do this though...

My personal opinion is that 3) is more important then 1),
and I would make the UID:GID different. Any data that I publish
on the WWW, IMHO, is public, but others will disagree.

Reply to: