On 1/1/2014 7:55 PM, Bob Proulx wrote:
Jerry Stuckle wrote:
Bob Proulx wrote:
The default for phpmyadmin is that the files are owned by root not
www-data. If they were owned by www-data then they would be unsafe.
(If, and this is a hypothetical if, you told me the files were owned
by a special phpmyadmin-data account, then I would say okay too.
Because that is a different user from the www-data user.)
They also should never have to be changed by the user (except for
the config file). But I suspect the real reason is because there is
no standard user which would be a good one to use. You obviously
One would need to be created for it to exist. But why? One isn't needed.
(Sorry for the delay - attglobal is having email problems).
phpmyadmin is installed as root only by the Debian (and probably other)
packaging systems because there is no other user. If you install
phpmyadmin without the Debian package, it is installed in a user id, not
root.
I would argue there SHOULD be a user/group for installing user packages
like this. The www-data ID would have read privileges via the group,
but nothing else. There really is no reason for it to be installed as
root, except that such an ID doesn't exist. And as we know, having to
su(do) to root to edit a user config file is not the best way to do things.
wouldn't want to use www-data, for reasons previously mentioned.
bin, sys, man and other standard id's aren't appropriate. There may
or may not be user id's (there should be, but they are not required,
AFAIK). And if you do have multiple userids, which one would be
appropriate?
By default, root is the selection.
And root is perfectly satisfactory for this purpose.
That's where you and I disagree.
But then we weren't talking about phpmyadmin. We were talking about
user files.
I know *you* keep talking about user created files. We established
that in another conversation. But *other* people keep talking about
*all* files. "All" includes user created files. But all also includes
any other possible file too.
When you say that users should work as their own non-root account I
fully agree with you that working as non-root is a safer best-practice
to follow.
But when others say that there should never be a root owned file (user
created or otherwise) then that is clearly wrong. That is where I was
objecting.
I never said there should never be a root owned file. However, such
files should be restricted to those which affect the OS, i.e. the
packaging system, network configuration and many other things. Files
which only affect one application (like Apache) should be owned by that
application (or, as in this case, a separate user with read access by
Apache).
Unfortunately others like it to be all of viewed from the web,
installed from the web, upgraded from the web, managed from the web.
And there lies the problem.
Yes, it is. I use Drupal 7 on some of my sites; when I want to
update from the web, I find it a simple matter to place the site in
maintenance mode, ssh into it, and chown -R to www-data on the
directory, update via the web, then chown -R back to the original
id. A couple of extra steps, but worth the security.
That is a good strategy. It takes the extra care to avoid the
problem. It keeps the OS security layer up while the site is online.
I like it. But I think very few people actually take the time and
effort to actually do this. At least from the evidence of the large
number of cracked sites on the web. You may be one of the few that is
making the effort to avoid it.
Bob
I can't afford not to. My clients expect as much security as I can give
them.
Jerry
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52c8bbb7.9060...@attglobal.net
