Rob Weir wrote:
On Tue, Oct 21, 2003 at 09:48:33AM -0400, Roberto Sanchez saidBenedict Verheyen wrote:Hi, i'm wondering what the best method is of allowing a normal user account to do stuff like writing cd's, accessing local webpages (/var/www) and so on. There are a couple of methods like: 1. Making a group, put the user in that group and set that group as owner of say /var/www or another dir where you want to user to have access too.Add the user to the www-data group. On Debian, the www-data group is the default owner of files in www-data. Just make sure to do a chmod -R g+w /var/www/, or they won't have write access.Nooooooooooooooooooooooooooooooooooooooooooooooooooooooooo! Files in there are explicitly root.root, so that if apache gets cracked, the cracker still can't modify your web site. Create a "www-users" group or something and chown the files to it and add people to that group.
Sorry, on my machine, apache runs as apache.apache, so that it is a different UID.GID from www-data.www-data. My bad. -Roberto
Attachment:
pgpWcmaLPs_Xq.pgp
Description: PGP signature