[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exploring debian's users and groups

On Tue, Aug 07, 2001 at 10:18:04AM +0200, Christian Kurz wrote:
> On 01-08-07 Joey Hess wrote:
> > www-data:
>  
> > 	HELP: Er, I should know this, but this box doesn't run apache and
> > 	      I'm offline.
> 
> This user is used by the apache webserver to run as and also all files
> that apache should serve should be owned by www-data, if I'm not
                                NOT
> mistaken.

The group's name is a disaster. The fact is that at least apache, but
probably all http servers run as this user.

It follows that the bulk of the files to be served should NOT be
writable to this user, so one broken cgi script won't mean your whole
site gets defaced.

I'd advise to use real human people's accounts and groups for www data.

-- 
The idea is that the first face shown to people is one they can readily
accept - a more traditional logo. The lunacy element is only revealed
subsequently, via the LunaDude. [excerpted from the Lunatech Identity Manual]
Reply to: