Hello everyone,
When someone needs a bit more secure system (and still keep PHP there),
he will start using suphp, that will run PHP script under owner of PHP
script and there is place where problem starts. All web applications are
getting installed as root:root and there is a must of recursively
changing owner in whole application directory on every upgrade.
My suggestion is to install all webapps as unprivileged user with
current webserver group, it's not breaking any functionality of
applications and it's making upgrades for suphp users easier.
What's the difference between running with suphp with a standard
unprivileged user and running without suphp and running the scripts
instead with the www-data user? Either way, the script has access to everything the www-data user has access to or whatever the dummy user is. The only way I see this being helpful is if each application is running as its own user individually.
thank you for reading this
Thank you for writing this. It's a good topic and I hope I learn something if I'm wrong.
Dusty