On Tue, Oct 21, 2003 at 09:48:33AM -0400, Roberto Sanchez said > Benedict Verheyen wrote: > >Hi, > > > >i'm wondering what the best method is of allowing a normal user account to > >do stuff like writing cd's, accessing local webpages (/var/www) and so on. > >There are a couple of methods like: > > > >1. Making a group, put the user in that group and set that group as owner > >of say /var/www or another dir where you want to user to have access too. > > > > Add the user to the www-data group. On Debian, the www-data group is > the default owner of files in www-data. Just make sure to do a > chmod -R g+w /var/www/, or they won't have write access. Nooooooooooooooooooooooooooooooooooooooooooooooooooooooooo! Files in there are explicitly root.root, so that if apache gets cracked, the cracker still can't modify your web site. Create a "www-users" group or something and chown the files to it and add people to that group. -- Rob Weir <rweir@ertius.org> | mlspam@ertius.org | Do I look like I want a CC? Words of the day: event security enigma Ft. Bragg Firefly csim bluebird Defcon
Attachment:
signature.asc
Description: Digital signature