httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noah Duffy <noahdu...@fastmail.fm>
Subject Re: [users@httpd] Changing the User Which Runs Apache
Date Thu, 08 Aug 2013 18:09:17 GMT
On Aug 8, 2013, at 12:20 PM, John Iliffe <john.iliffe@iliffe.ca> wrote:

> Apache has to start as root so it can get permission on the socket 
> (presumably 80).  It then does an su to the uid it runs under.  Could be 
> apache but you can have anything you want.  It does not need write or 
> execute on any of the page directories just read.  They could be owned by 
> you or you might just be in the same group so you can update them.
> 
> You have a LOT of options, read the docs!
> 
> Regards, and good luck
> 
> John
> =====================================
> On Wednesday 07 August 2013 19:42:47 Noah Duffy wrote:
>> On Aug 7, 2013, at 6:36 PM, Yehuda Katz <yehuda@ymkatz.net> wrote:
>>> Check out how the default configuration of apache works on
>>> Debian/Ubuntu. They run as the user www-data and have the correct
>>> permissions set on the /var/www folder.
>> 
>> I'm running Ubuntu Server 12.04 and just checked the default permissions
>> on /var/www and the owner is actually root. Apache is run as www-data,
>> however.
>> 
>> The problem I'm having is knowing exactly what to do. Someone has
>> already suggested not having the owner of /var/www be the same user
>> that is running Apache. I'm not one to say if that is correct or not,
>> but it confuses me a little more on how to make sure the directory is
>> writable for any PHP I may be using.

WordPress may be a bad example, but here's what I'm trying to accomplish:

I'm going to be using a blogging platform called Dropplets. It's very simple and pretty much
just generates static pages from text files to create the entries.

When installing, there are just a few files and directories which contain the pages and PHP.
Upon first visit, it has you enter your admin password and then it generates a config file.
That file cannot be generated if Apache (or the user) does not have write permissions to the
web directory. Even if I temporarily change the permissions, uploading posts would have to
be done over SFTP instead of through the website. This doesn't bother me, but it does make
it take just a few more steps.

So, should I not give write permissions to any other user other than myself? Currently, I
created a new directory under /srv for the files to be hosted and made the owner and group
www-data. I then added myself as a user to the www-data group so files could make changes
and the site could create whatever files it needed to.

Would that not be safe? I hope no one feels like I'm beating this subject, I'm just trying
to get a better understanding. :)

Thanks again!

--
Noah Duffy
noahduffy@fastmail.fm
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message