Re: why are files/directories owned by www-data !?

To: debian-devel@lists.debian.org
Subject: Re: why are files/directories owned by www-data !?
From: Andrew Pimlott <andrew@pimlott.ne.mediaone.net>
Date: Fri, 18 Feb 2000 12:24:53 -0500
Message-id: <20000218122453.A31812@pimlott.ne.mediaone.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <84u2k13ea6.fsf@snoopy.apana.org.au>; from bam@debian.org on Wed, Jan 26, 2000 at 10:46:57AM +1100
References: <v04220805b4b0290290c6@[192.168.0.1]> <84u2k13ea6.fsf@snoopy.apana.org.au>

On Wed, Jan 26, 2000 at 10:46:57AM +1100, Brian May wrote:
> There are 4 conflicting requirements:
> 
> 4. users shouldn't have to log in as root or www-data in order to
> change web pages.

Thanks Ethan and Brian for a nice job of covering the issues.  I want to
emphasize one point that wasn't made directly, but which I consider the
most serious.

On most system where collaborative web development is happening, people
will want all web developers to belong to a group that can modify web
content.  The current permissions on /var/www give every indication that
www-data is the proper group for this, when in fact it is the single
worst group.  I think it's likely that many casual admins have used
www-data as this group without realizing the consequences.

No Debian documentation addresses this confusing issue.  It's good to
know that (according to Brian) there was deliberation, but it's a shame
nobody bothered to document it.

Cf. bug 53498 (and feel free to raise the severity ;) )

Andrew

Reply to:

Prev by Date: Bug#58418:
Next by Date: Re: /dev/log yet again
Previous by thread: Bug#58418:
Next by thread: Re: 11 days till Bug Horizon
Index(es):
- Date
- Thread