[plug] Simple Web questions - Debian Linux
Jeremy Malcolm
Jeremy at Malcolm.wattle.id.au
Sun Jun 13 11:54:37 WST 1999
-----BEGIN PGP SIGNED MESSAGE-----
> > 1. Is it bad for your root Web site to have the
> owner/group "root"?
>
> I assume you mean who it runs as, not file perms? Yes, it's
> bad to have
> a webserver run as root.
No I meant the file permissions. I should have explained myself
better. I lost all my file permissions a while ago in a freak boating
accident (OK who am I fooling, it was a sysadmin blunder) so I'm not
sure what the default was before I restored everything to "root"
ownership.
The reason I ask this is because normally for a user's Web files (eg.
/home/terminus/public_html) it doesn't matter if they chmodded u+w
because the Web server is not running as the user so there is no
prospect of someone coming in over the Web and modifying the files.
But for the root Web site (/var/www under Debian) the default owner of
the files is, I suppose, root. If I later implement something like
suexec, having the files owned by root will require my CGI scripts to
run as root too - which is not only bad, but (as I understand it)
impossible.
So I wanted to know, if they shouldn't be owned by root (because of
the CGI reason), and they shouldn't be owned by nobody (because it is
easy to accidentally give write access to nobody), what are they
supposed to be owned by, www-data?
> Which module is this? If it uses "patch", then sounds like it's more
> than a module and modifies the source itself (Apache SSL does that).
A
> module's documentation should state whether it can be
> compiled as an .so or not.
<shame>It is the Frontpage patch.</shame>
- --
JEREMY MALCOLM Jeremy at Malcolm.wattle.id.au http://malcolm.wattle.id.au
SIG of the day: [ ] Contact [ ] Web [ ] PGP [x] Taglines #1 [ ] #2
Reality is for those who can't face science fiction. | Power corrupts;
absolute power is kind of neat. | "It's in Tibetan!" - The Doctor (5G)
"A lawyer is like a river." - Kosh | Life is like a simile | Dynsdale!
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i
iQB1AwUBN2K6/b/mBljD2JABAQGlVwMAxmB3zYxmiQAyxtid4iZN9o9dKoNVIE3/
05YZLRyOmtVd+tp0y8KqVwNh4SqHsUObCijGDMuVuIeaD4kU93vlwywTgZEiq+r+
/dpLUUr47deiqQoaauWj6quCYg4PuvEW
=loFr
-----END PGP SIGNATURE-----
More information about the plug
mailing list