
Re: www-data



On Mon, Oct 29, 2018 at 12:27:53PM -0500, David Wright wrote:
> On Sun 28 Oct 2018 at 19:57:08 (-0400), Gene Heskett wrote:
>> I don't think that's how it works. UID/GID as www-data is just part of the
>> sandbox apache2 and its ilk play in. In fact after I've equipped apache2
>> with some new toy, the last thing I do as root is a chown -R
>> www-data:www-data any directory apache2 can access in going about its
>> normal business.
>
> Then you probably need to read the docs carefully, rather than taking
> any notice of what's written [above], which contradicts anything I've
> read on this subject.

Correct; the original text is bad advice. In general, you do not want your web server process to be able to write the files that it is running, in order to reduce the avenues for privilege escalation in the face of a bug in a web script. Sometimes the web server does need to be able to write, and in those cases it is best to carefully configure the web server to not run anything from areas which are writable, and to restrict the writable areas to the minimum necessary. (A lot of other controls are also important, such as preventing unauthenticated upload and download of the same files and/or implementing some sort of moderation to prevent the site from turning into an unexpected distribution node for illegal material, etc.)
Mike Stone
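
An added example, not part of the thread: a read-only audit that lists what a web server account can modify under a web root, and what is writable outside the one area meant to be writable. It assumes classic permission bits only (no ACLs, no supplementary groups); the function names and the paths in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example. Nothing here changes ownership or modes; it only reports.
# Assumption: the account is described by its user and primary group.

# writable_by ROOT USER GROUP
# Print every path under ROOT the account may modify. Unix picks exactly one
# permission class per access: owner bits if the account owns the file,
# else group bits if the group matches, else the "other" bits.
# A writable directory is reported even when the files in it are read-only,
# because its entries can still be replaced or removed.
writable_by() {
    find "$1" ! -type l \( \
        \( -user "$2" -perm -200 \) -o \
        \( ! -user "$2" -group "$3" -perm -020 \) -o \
        \( ! -user "$2" ! -group "$3" -perm -002 \) \
    \) -print
}

# unexpected_writable ROOT USER GROUP ALLOWED_DIR
# Same list, minus the single tree that is intended to be writable
# (for example an upload area the server is configured not to execute from).
# Paths containing newlines are not handled.
unexpected_writable() {
    writable_by "$1" "$2" "$3" | while IFS= read -r p; do
        case $p in
            "$4"|"$4"/*) ;;               # inside the sanctioned area
            *) printf '%s\n' "$p" ;;      # writable code or config: review
        esac
    done
}

# Usage (assumed paths):
#   unexpected_writable /var/www www-data www-data /var/www/uploads
```

An empty result means the account can write only inside the allowed directory; anything printed is a file or directory the server could alter and later serve or run.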

