On Mon, Feb 05, 2001 at 08:07:29AM -0800, Leonard Leblanc wrote:
> What would be the best owner/group for perl scripts that are running on a
> web server?

Someone trusted.

> Does it really matter?

Of course - anyone who can write to the scripts (which always ultimately
includes the owner, since he can change the permissions) has the ability to
make them do things they shouldn't.  OTOH, unless the scripts are suid/sgid
(which they probably shouldn't be), they're not likely to be able to do all
that much damage.

The two keys are:

1)  As I mentioned above, don't make them suid/sgid unless you absolutely
have to and you know what you're doing.

2)  Don't give ownership to user or group www-data.  Under a standard Debian
install, the apache request handlers run as user and group www-data, so any
files owned by that user/group can be changed by anyone who finds an apache
exploit.  Therefore, www-data should not own anything.

-- 
SGI products are used to create the 'Bugs' that entertain us in theatres
and at home. - SGI job posting
Geek Code 3.1:  GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+
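
The two rules in the reply above, turned into a check you can run over a script directory. This is an added example, not part of the original message: the function name, the output labels and the world-writable check (which follows from "anyone who can write to the scripts") are assumptions made here, and www-data is the Debian default named in the message.

```shell
#!/bin/sh
# Added example: audit a CGI directory against the two rules in the message.
# audit_cgi_dir DIR [WEB_USER] [WEB_GROUP]
#   DIR        directory holding the scripts (e.g. a cgi-bin; path is yours)
#   WEB_USER   account the request handlers run as (default: www-data)
#   WEB_GROUP  group the request handlers run as   (default: www-data)
# Prints "REASON path" per finding.
# Returns 0 = clean, 1 = findings, 2 = scan could not run.
audit_cgi_dir() {
    dir=$1
    web_user=${2:-www-data}
    web_group=${3:-www-data}

    # Probe first: find fails on a missing DIR or an unknown user/group
    # name, and a failed scan must never be reported as "clean".
    find "$dir" -prune -user "$web_user" -group "$web_group" \
        >/dev/null 2>&1 || return 2

    findings=$(
        # Rule 1: no suid/sgid scripts.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec echo SUID_SGID {} \;
        # Rule 2: nothing owned by the web server's user or group.
        # Directories count too: owning one allows replacing its files.
        find "$dir" -user "$web_user" -exec echo WEB_OWNER {} \;
        find "$dir" -group "$web_group" -exec echo WEB_GROUP {} \;
        # Assumed extra check: world-writable entries can be changed by
        # the web user no matter who owns them.
        find "$dir" ! -type l -perm -0002 -exec echo WORLD_WRITABLE {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Source the file and call `audit_cgi_dir` with the directory to check; a return code of 2 means the scan did not run (for example, no www-data account on the machine), not that the directory is clean.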
