[nzlug] File permission dummy questions
Craig Box
craig at dubculture.co.nz
Fri Aug 11 15:13:21 NZST 2006
Daniel Lawson wrote:
>> I like to change the ownership to something like www-data (chown -R
>> www-data.www-data /var/www) and then add yourself to the www-data
>> group (usermod -G www-data sid).
>>
> Only downside with this is that when your webserver gets compromised,
> the attacker can edit or delete anything owned by the user the
> webserver is running as. Make the files owned by anybody else at
> all, and make your user a member of that group, but don't go giving
> away freebies to any attackers.
Good point. Each webapp I install tends to have one or two directories that
need to be writable by the www-data user, so I tend to be lazy. Might pay
to change the group.
Craig
More information about the NZLUG
mailing list