www-data is a bad name for what it currently is used for...
The user/group name "www-data", which is provided by the base-passwd
package and used (most prominently) by the Apache httpd.conf configuration
file, does not accurately reflect the role of the UID/GID it represents in
contemporary Debian systems. It no longer represents file system "data",
but rather is used as a UID/GID for network server processes.
"www-data" is also the only system user/group name containing a hyphen,
which can cause problems in certain situations (in my own experience, when
referring to user accounts within PostgreSQL).
A perusal of the mailing lists indicates that there is plenty of confusion
about this as well as problems caused by it.
* * *
In the past (slink? potato? I know potato = stable, but I'm running Woody
now, and I'm more concerened with the future.) I seem to remember that the
static HTML files in /var/www and the Apache log files were owned by
www-data. I'm assuming that the www-data user and groups were created to
give limited control over who could write files in directory trees
accessed by HTTP server processes. I am not sure why the log files were
given that ownership.
At some point someone must have realized that (a.) having your web content
writeable by your web server was a bad idea and (b.) Apache's logs are
written by the controlling non-serving process and are therefore written
as root, and changed this in the Debian Apache package.
A current install of Debian's Apache package produces HTML files and log
files owned by root. The ownership of the HTML files (and /var/www in
general) should be owned by a non-root group so that you may delegate
authority to non-root users. The (serving) apache processes themselves
still run as user www-data by default, although this is configurable in
httpd.conf.
* * *
The Debian Policy Manual states that system IDs "must be used on any
Debian system only for the purpose for which they are allocated."
www-data has devolved over the years so that it no longer meets this
requirement. I have found no explicit reference to "www-data" in the
Policy Manual sections "Users and Groups", "Daemons" and "Web Servers and
applications".
* * *
I have searched debian-user and debian-policy back through late 1998 and
have found the following (relevant) previous discussions.
Inconclusive discussion from August, 2000, on whether or not there was a
www-data policy:
http://lists.debian.org/debian-policy/2000/debian-policy-200008/msg00059.html
Discussion of Slink's bad www-data file permissions and process ownership:
Complaints about the "-" in "www-data" casuing problems in
PostgreSQL:
http://lists.debian.org/debian-user/1999/debian-user-199909/msg00053.html
http://lists.debian.org/debian-user/1999/debian-user-199911/msg01519.html
* * *
There should be a system user/group account for HTTP servers, but
"www-data" is misleading in that it does not correspond to data. Plus it
has that pesky hyphen. User "nobody" works for the simplest
installations, but it hampers your ability to fine tune the access control
granted to your server. I propose something like "httpd" or "http".
There should also be a (separate) system user/group account for data that
is accessed by HTTP servers. This would allow you to control which users
may edit your web content. I propose something like "www" or even
"wwwdata" (no hyphen).
This same methodology should be applied to all system user/group accounts.
Does the account refer to a process or file ownership or both? Is there a
reason to split file ownership UID/GID from process ownership UID/GID?
Thoughts?
Matthew Whitworth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
struct matthew_whitworth {
char *email;
char *url;
} mw = { "matthew@okcomputer.org", "http://www.okcomputer.org/~matthew/"; };
--
To UNSUBSCRIBE, email to debian-policy-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: