Re: apache permission users

To: debian-user@lists.debian.org
Subject: Re: apache permission users
From: Lars Nooden <lars.nooden@gmail.com>
Date: Mon, 20 May 2013 11:05:26 +0300 (EEST)
Message-id: <[🔎] alpine.BSO.2.03.1305201059530.3910@gmail.com>
In-reply-to: <[🔎] 20130520044157.GA15973@localhost.localdomain>
References: <[🔎] 201305151321.12094.ml@fuckaround.org> <[🔎] 20130520044157.GA15973@localhost.localdomain>

On Mon, 20 May 2013, Tony Baldwin wrote:
[snip]
> and add the server (www-data) to their group, 775 stuff. I don't know if 
> it's the best practice,
[snip]

The www-data user and group should be left alone.  They are there for 
privilege separation of the web server by providing an unprivileged 
account for the daemon.  It would make the server a lot less secure if 
either were to be given write access to the same directories and files 
that it is serving.  That would defeat the purpose of www-data.  If you 
need another group for the users to share, create one just for that 
purpose and use it instead.

Regards,
/Lars

Reply to:

Follow-Ups:
- Re: apache permission users
  - From: Tony Baldwin <tony@tonybaldwin.info>

References:
- apache permission users
  - From: Pol Hallen <ml@fuckaround.org>
- Re: apache permission users
  - From: Tony Baldwin <tony@tonybaldwin.info>

Prev by Date: Re: Why can ubuntu dist upgrade dist from within an X session?
Next by Date: Re: Searching for process filling root FS.
Previous by thread: Re: apache permission users
Next by thread: Re: apache permission users
Index(es):
- Date
- Thread