On Sun, Aug 12, 2001 at 12:16:54AM +0200, Marc Haber wrote: > On Wed, 8 Aug 2001 00:09:21 +0200, Bart Schuller > <schuller+debian-devel@lunatech.com> wrote: > >I'd advise to use real human people's accounts and groups for www data. > > So, on a site with a lot of virtual hosts, one should create a > users/groups www to own the files, that need to be world-readable for > the http server to read them? The ftp daemon that is used to upload > would need to run as www then, right? no, you create a user www-daemon (which is what www-data SHOULD be called...) and it owns the web server PROCESS, it does not own any files. the site files are owned by whoever created them and are world readable (so the www-daemon user can read them). you might create a group html or something that has write permission to site directories/files, users allowed to make changes to the site would be a member of this group then, but the www-daemon user would NOT and should not be a member. > Is this the correct way to do it? If yes, we have been doing it wrong no, that is wrong. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpapJkiaaGoj.pgp
Description: PGP signature