Package: harden-doc
Version: 3.10
Severity: wishlist

Hi!

Section 12.1.12.1 _Are all system users necessary?_[1] lists statically
allocated system users and their intended purpose.

[1] which is in
http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s12.1

Among the others, the following items for 'www-data' and 'backup' are
included:

| * www-data: Some web servers run as www-data. Web content should not
|   be owned by this user, or a compromised web server would be able to
|   rewrite a web site. Data written out by web servers, including log
|   files, will be owned by www-data.
|
| * backup: So backup/restore responsibilities can be locally delegated
|   to someone without full root permissions.

These two explanations are a bit unclear, at least to me.
I mean: what is the recommended (from a security point of view) setup
for the above mentioned tasks?


More in detail, web servers must obviously be able to read web content
(so that they can serve it); hence it seems that web content should at
least be readable by www-data *group*.  Is that right?
Would it be wise if web content were owned by a regular user (say
user Ronny Regularuser, username 'ronny') who is the webmaster, and
by group 'www-data', and created with umask 0027?
Something like:

$ ls -altrF /var/www/test/
total 16
drwxr-xr-x  4 root  root     4096 2005-11-01 18:47 ../
drwxr-x---  3 ronny www-data 4096 2006-09-09 07:55 old/
drwxr-x---  3 ronny www-data 4096 2006-10-08 10:23 cur/
drwxr-x---  4 ronny www-data 4096 2006-11-01 13:41 ./

What if more than one user needs to be able to create directories
inside /var/www/test/ ?
Should webmaster(s) belong to group 'www-data'?

Could a more detailed explanation of the recommended setup be included
in the section (or placed elsewhere and linked from this item)?


As far as the 'backup' user is concerned, assuming that I want
to perform both system and data backups, how can the 'backup'
user read all the files it needs to backup without having
superuser privileges?
How should things be set up, in order to achieve this goal?

Could a more explicit description of the proposed setup be included
in the section (or put elsewhere and linked from here)?


Thanks for considering.
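An added example, not part of the original report or of the Securing Debian manual, that builds the layout the report sketches (content owned by the webmaster, group-owned by the web server's group, created under umask 0027) and then audits the tree for anything readable, writable or traversable by "other". The names `setup_webroot`, `mode_of` and `check_webroot` are hypothetical helpers; the group defaults to `www-data` but is taken as a parameter so the script can be tried as an ordinary user with one of that user's own groups. The directory is made setgid (mode 2750) so that files later created by any webmaster in it inherit the group, which is the usual way to let several users populate one tree without adding them to the server's group.

```sh
#!/bin/sh
# Hypothetical helpers, constructed for this example.
#
# setup_webroot DIR [GROUP]
#   Create DIR owned by the calling user and by GROUP (default www-data),
#   mode 2750: owner rwx, group r-x (the web server can read and traverse),
#   other nothing; the setgid bit makes new entries inherit GROUP.
#   Also sets umask 0027 so files become 640 and directories 750.
setup_webroot() {
    dir=$1
    group=${2:-www-data}
    umask 0027                       # files 640, dirs 750: no bits for "other"
    mkdir -p "$dir"        || return 1
    chgrp "$group" "$dir"  || return 1
    chmod 2750 "$dir"      || return 1
    # Sample content, constructed for the example (mirrors the cur/ dir in the report).
    mkdir -p "$dir/cur"    || return 1
    printf '<html><body>test</body></html>\n' > "$dir/cur/index.html" || return 1
}

# mode_of PATH
#   Print the ls-style permission string of PATH, e.g. drwxr-s--- or -rw-r-----.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# check_webroot DIR
#   Print every entry under DIR that grants read, write or execute to "other"
#   and return 1; return 0 when the tree exposes nothing to "other".
#   Uses octal -perm forms so it works with POSIX find, not only GNU find.
check_webroot() {
    offenders=$(find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Usage as an unprivileged user (a real deployment would pass www-data and
# run as root or as the webmaster who owns the tree):
#   setup_webroot /tmp/www "$(id -gn)" && check_webroot /tmp/www && echo clean
```

The audit only looks at the "other" bits, which is the property the report's umask is meant to enforce; it deliberately says nothing about who owns the files, so a tree where the server's own user owns the content would still pass. That case is the one the manual warns about, and it has to be checked by inspecting ownership (`find DIR -user www-data`) rather than modes.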

