[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apache permission users



On Mon, May 20, 2013 at 11:05:26AM +0300, Lars Nooden wrote:
> On Mon, 20 May 2013, Tony Baldwin wrote:
> [snip]
> > and add the server (www-data) to their group, 775 stuff. I don't know if 
> > it's the best practice,
> [snip]
> 
> The www-data user and group should be left alone.  They are there for 
> privilege separation of the web server by providing an unprivileged 
> account for the daemon.  It would make the server a lot less secure if 
> either were to be given write access to the same directories and files 
> that it is serving.  That would defeat the purpose of www-data.  If you 
> need another group for the users to share, create one just for that 
> purpose and use it instead.

I'm not adding the users to the www-data group.
I'm adding the www-data user to the users' groups, so the server
can write to the stuff in their /home/webroot/
I assumed this latter was better than the former.

./tony
-- 
http://www.tonybaldwin.me
art, music, software by me, tony
3F330C6E

Attachment: signature.asc
Description: Digital signature


Reply to: