Linode Community Forums
Posted: Fri May 08, 2009 1:22 pm
Newbie

Joined: Fri May 08, 2009 1:14 pm
Posts: 2
Here's my scenario. I have a Linode 360 running Debian Lenny with only one user (myself) serving a couple of personal websites, no other users exist on the machine besides normal system accounts, root, etc.

I have everything residing in /var/www/my.domain1, /var/www/mydomain.2 etc.

I have changed the owner/group to www-data for the entire /var/www directory and subdirectories from root for security reasons.

I use my normal user for all administration and uploading/creating html, php files etc. The problem I have run into however is that when I create new files they are then owned by my user account (as expected) and then I do a chown to www-data. This is becoming a little labor intensive given the amount of files I have been dealing with. I would like the files to be owned by www-data from the moment they are created without actually having to login as that user.

Is there an easier more preferred method to what I am trying to accomplish here without re-inventing the wheel?


Posted: Fri May 08, 2009 3:23 pm
Senior Member

Joined: Tue Apr 29, 2008 6:26 pm
Posts: 58
Website: http://blog.shadypixel.com/
In general, I wouldn't have web files owned by www-data. If there's a vulnerability in the web server or in your php/ruby/python/whatever, they'll be able to do nasty things like modify your htaccess to redirect to bad sites. The only files/directories that the web server needs write access to are upload/tmp directories and that's easy. For everything else, apache should only have read access and the easiest way to do that is to give all files 644 permissions, all directories 755 permissions and make everything owned by a different user.


Posted: Fri May 08, 2009 11:13 pm
Senior Member

Joined: Fri May 02, 2008 8:44 pm
Posts: 1121
btmorex is right, but if you really need to chown a lot of files at once:
Code:
chown -Rv www-data:www-data /var/www

You could even write a bash script that does this whenever you need.


Posted: Sat May 09, 2009 9:20 pm
Senior Member

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
You could add your account to the www-data group, then put the setgid bit on your document root directory (e.g., chmod g+xs /var/www). (You'd also need to do this to any existing subdirectories.) Any files you created there would then be owned by you, but would be assigned to the www-data group. You'd then need to manage what permissions the group has to the files (read-only vs. read-write).
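
Added example, not part of the original posts: shell functions that combine the 644/755 read-only layout and the setgid group suggestion from the replies above, plus an audit that lists paths breaking that layout. The function names and the default `www-data` user/group arguments are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: the web server reads files
# through the www-data group, and your own account (not www-data) owns them.

# Apply the layout: group = web group, directories 2755 (setgid so new files
# inherit the group), files 644. Group and other get read-only access.
apply_docroot_layout() {
    root=$1
    group=${2:-www-data}
    chgrp -R "$group" "$root" || return 1
    find "$root" -type d -exec chmod 2755 {} + || return 1
    find "$root" -type f -exec chmod 644 {} +
}

# Print one line per path that breaks the layout; no output means clean.
audit_docroot() {
    root=$1
    webuser=${2:-www-data}
    # Writable by group or other: the web server could modify these.
    find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) |
        sed 's/^/writable-by-group-or-other /'
    # Directory without setgid: files created here get your primary group.
    find "$root" -type d ! -perm -2000 | sed 's/^/no-setgid /'
    # Owned by the web server account itself (skipped if no such user exists).
    if id "$webuser" >/dev/null 2>&1; then
        find "$root" -user "$webuser" | sed "s/^/owned-by-$webuser /"
    fi
}

# Usage (constructed paths):
#   apply_docroot_layout /var/www www-data
#   audit_docroot /var/www www-data
```

The setgid bit only controls the group of new files; their mode still comes from your umask. Upload/tmp directories that the web server must write to need their permissions set separately after running this, and the audit will keep listing them so they stay visible.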


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group