Re: why are files/directories owned by www-data !?
On Wed, Jan 26, 2000 at 10:46:57AM +1100, Brian May wrote:
> There are 4 conflicting requirements:
>
> 4. users shouldn't have to log in as root or www-data in order to
> change web pages.
Thanks Ethan and Brian for a nice job of covering the issues. I want to
emphasize one point that wasn't made directly, but which I consider the
most serious.
On most system where collaborative web development is happening, people
will want all web developers to belong to a group that can modify web
content. The current permissions on /var/www give every indication that
www-data is the proper group for this, when in fact it is the single
worst group. I think it's likely that many casual admins have used
www-data as this group without realizing the consequences.
No Debian documentation addresses this confusing issue. It's good to
know that (according to Brian) there was deliberation, but it's a shame
nobody bothered to document it.
Cf. bug 53498 (and feel free to raise the severity ;) )
Andrew
Reply to: