[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: allowing a "normal" user to work efficiently

On Tue, Oct 21, 2003 at 09:48:33AM -0400, Roberto Sanchez said
> Benedict Verheyen wrote:
> >Hi,
> >
> >i'm wondering what the best method is of allowing a normal user account to
> >do stuff like writing cd's, accessing local webpages (/var/www) and so on.
> >There are a couple of methods like:
> >
> >1. Making a group, put the user in that group and set that group as owner
> >of say /var/www or another dir where you want to user to have access too.
> >
> Add the user to the www-data group.  On Debian, the www-data group is
> the default owner of files in www-data.  Just make sure to do a
> chmod -R g+w /var/www/, or they won't have write access.

Nooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!  Files in
there are explicitly root.root, so that if apache gets cracked, the
cracker still can't modify your web site.  Create a "www-users" group or
something and chown the files to it and add people to that group.

Rob Weir <rweir@ertius.org> | mlspam@ertius.org  |  Do I look like I want a CC?
Words of the day:  event security enigma Ft. Bragg Firefly csim bluebird Defcon

Attachment: signature.asc
Description: Digital signature

Reply to: