Re: why are files/directories owned by www-data !?

To: Jim Lynch <jim@laney.edu>, Brian May <bam@debian.org>, debian-devel@lists.debian.org
Subject: Re: why are files/directories owned by www-data !?
From: Ethan Benson <erbenson@alaska.net>
Date: Wed, 26 Jan 2000 06:38:21 +0000
Message-id: <v0422080bb4b445bae150@[192.168.0.1]>
In-reply-to: <[🔎] 200001260619.WAA15180@earth.laney.edu>
References: <[🔎] 200001260619.WAA15180@earth.laney.edu>

On 25/1/2000 Jim Lynch wrote:

I think it probably should, it would make cgiwrap (my pkg) and others
that interoperate with apache easier to configure.


what exactly is the issue with cgiwrap and the ownership?

(Note however, others have expressed disdain when the Apache server
they built from non-debianized source and which runs as nobody.nogroup
would not work with cgiwrap; when I said (on IRC) "try running apache
as www-data.www-data", I got a disdainful reaction. Not sure why, but
maybe this says there are other opinions... If so, please post here so!)

I cannot speak for those, but I would express disdain for thatsuggestion when i do the following:


[eb@plato eb]$ ls -ld /var/www/
drwxr-xr-x    2 www-data     www-data     4096 Nov  7 16:34 /var/www/
[eb@plato eb]$ ls -ld /var/lib/dhelp/
drwxr-xr-x    2 www-data     www-data     4096 Jan 16 18:22 /var/lib/dhelp/
[eb@plato eb]$

and see those results. (along with the log files)

I believe the owner of the apache processes should not own any files,and should not have any write permission to anything.



--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/

Reply to:

References:
- Re: why are files/directories owned by www-data !?
  - From: Jim Lynch <jim@laney.edu>

Prev by Date: Re: why are files/directories owned by www-data !?
Next by Date: Re: Bug#55933: This package needs to be re-compiled
Previous by thread: Re: why are files/directories owned by www-data !?
Next by thread: dbf2mysql: Old mysql dependant package needs recompile
Index(es):
- Date
- Thread