[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: why are files/directories owned by www-data !?

On Wed, Jan 26, 2000 at 10:46:57AM +1100, Brian May wrote:
> There are 4 conflicting requirements:
> 4. users shouldn't have to log in as root or www-data in order to
> change web pages.

Thanks Ethan and Brian for a nice job of covering the issues.  I want to
emphasize one point that wasn't made directly, but which I consider the
most serious.

On most system where collaborative web development is happening, people
will want all web developers to belong to a group that can modify web
content.  The current permissions on /var/www give every indication that
www-data is the proper group for this, when in fact it is the single
worst group.  I think it's likely that many casual admins have used
www-data as this group without realizing the consequences.

No Debian documentation addresses this confusing issue.  It's good to
know that (according to Brian) there was deliberation, but it's a shame
nobody bothered to document it.

Cf. bug 53498 (and feel free to raise the severity ;) )


Reply to: