Linode Forum
Linode Community Forums
Posted: Wed Jul 21, 2010 8:11 pm
Senior Member

Joined: Wed Jul 21, 2010 8:04 pm
Posts: 119
Hi,
I have a question about ownership I want to throw out there.

What should the ownership settings be for /var/www on an Ubuntu VPS?

root:root? www-data/www-data? (my user):(my user)?

I need two things:
1. To be able to add/modify/delete files myself
2. To allow Apache to add/modify/delete files too (I have a few PHP scripts that do that)

What would you guys recommend?

Thanks in advance for your suggestions!


Posted: Wed Jul 21, 2010 8:32 pm
Junior Member

Joined: Mon Dec 28, 2009 2:52 pm
Posts: 29
Having PHP files writable by the webserver opens you up to attacks where someone exploits an existing bug to upload new code that they can run.


Posted: Wed Jul 21, 2010 8:35 pm
Senior Member

Joined: Wed Jul 21, 2010 8:04 pm
Posts: 119
Are there any other ways to create files/folders using PHP that are more secure?


Posted: Thu Jul 22, 2010 11:55 am
Junior Member

Joined: Thu Jun 03, 2010 4:44 pm
Posts: 35
1. Leave the files owned by www-data:www-data and "sudo -s" when you need to make edits.


Posted: Thu Jul 22, 2010 11:57 am
Senior Member

Joined: Wed Jul 21, 2010 8:04 pm
Posts: 119
What do you think of me adding myself to the www-data group so I didn't have to do that?


Posted: Thu Jul 22, 2010 12:00 pm
Junior Member

Joined: Thu Jun 03, 2010 4:44 pm
Posts: 35
jzimmerlin wrote:
What do you think of me adding myself to the www-data group so I didn't have to do that?

That would work as long as the PHP files and relevant directories have permissions of 664 (or greater) so the group has write permissions.
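
Added example, not part of any post in this thread: a shell audit for the shared-group setup discussed above. It lists paths that break the setup and the PHP files the web server's group can overwrite, which is the risk raised in the first reply. The function names and finding labels are made up for this example; on the system in question the arguments would be /var/www and www-data.

```shell
#!/bin/sh
# Audit a web root that a login user and the web server share through one group.
# Assumptions: names and labels below are invented for this example.

# report LABEL ROOT <find predicates>: print "LABEL path" for each match.
report() {
    label=$1 root=$2
    shift 2
    find "$root" "$@" | sed "s|^|$label |"
}

# audit_webroot DIR GROUP (GROUP may be a name or a numeric gid)
audit_webroot() {
    root=$1 group=$2
    # Outside the shared group: group permissions do not reach these paths.
    report WRONG_GROUP "$root" ! -group "$group"
    # No group write: members of the group cannot modify or delete here.
    report NO_GROUP_WRITE "$root" ! -type l ! -perm -020
    # A directory also needs group execute (775 rather than 664) to be entered.
    report DIR_NO_GROUP_X "$root" -type d ! -perm -010
    # World-writable: every local account can change it, not only the group.
    report WORLD_WRITABLE "$root" ! -type l -perm -002
    # PHP code the group (and so the web server) can overwrite. Each entry is
    # a file that an upload or write bug in the site could replace with new code.
    report WEB_WRITABLE_CODE "$root" -type f -name '*.php' -perm -020
}

# Stand-alone use: sh audit.sh /var/www www-data
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```

An empty result for the first four labels means the shared-group layout is consistent; the WEB_WRITABLE_CODE list shows how much executable code that layout leaves writable by the web server.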


Posted: Thu Jul 22, 2010 12:18 pm
Senior Member

Joined: Wed Jul 21, 2010 8:04 pm
Posts: 119
Thank you!

