Hi Michael,

On Tue, 13 Aug 2019 13:39:34 -0400 Michael Orlitzky wrote:

>On 8/13/19 1:14 PM, Lars Wendler wrote:
>> I would like to reserve UID/GID 81 for apache (www-servers/apache).
>>
>> This is the historical UID/GID for apache user in Gentoo.
>> Fedora and RedHat use UID/GID 48. Arch Linux has no
>> "apache" user but a "http" user with UID/GID 33 (which is already
>> reserved in Gentoo).
>>
>> Here are the commits for possible review:
>> https://github.com/Polynomial-C/gentoo/commits/accts-apache
>>
>
>By setting /var/www as apache's home directory, we're going to wind up
>with /var/www being owned by apache:root. That's not quite right, for a
>couple reasons:
>
> * The anonymous website user shouldn't be able to delete the entire
>   web hierarchy using e.g. a wordpress exploit.
>
> * Every other web server wants to share /var/www, too.
>
>For example, www-servers/cherokee wants /var/www to be the home
>directory for the cherokee user, as does www-servers/ocsigenserver.
>Hiawatha stores stuff under /var/www/hiawatha, and just about everybody
>uses /var/www/localhost for the default vhost.
>
>Thinking ahead -- would anything bad happen if we left the home
>directory at its default? I don't think our default apache config needs
>to own /var/www for any reason, but I'm not certain.
>

thanks for the review.
I've force-pushed the acct-user/apache commit with ACCT_USER_HOME_OWNER
being set to root:root.

Lars

--
Lars Wendler
Gentoo package maintainer
GPG: 21CC CF02 4586 0A07 ED93 9F68 498F E765 960E 9B39
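
The ownership concern raised in the quoted review, as an added example that is not part of the original thread: a POSIX shell check of whether a service account can modify a shared directory such as /var/www through its mode bits. The function names are hypothetical, GNU `stat` is assumed, and ACLs are not examined.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GNU stat (coreutils). Only classic mode bits are examined;
# ACLs and capabilities are not considered.

# can_modify_dir USER DIR
# Status 0: USER has write permission on DIR (may create entries and,
#           unless the sticky bit is set, delete other users' entries).
# Status 1: USER has not. Status 2: unknown user or DIR is not a directory.
# The body is a subshell, so variables stay local and "exit" only sets the
# function's return status.
can_modify_dir() (
    user=$1 dir=$2
    [ -d "$dir" ] || exit 2
    uid=$(id -u "$user" 2>/dev/null) || exit 2
    [ "$uid" -eq 0 ] && exit 0            # root bypasses the mode bits

    set -- $(stat -c '%u %g %a' "$dir")   # owner uid, group gid, octal mode
    duid=$1 dgid=$2 mode=$3

    # Exactly one permission class applies: owner, else group, else other.
    mask=0002
    if [ "$uid" -eq "$duid" ]; then
        mask=0200
    else
        for gid in $(id -G "$user"); do
            [ "$gid" -eq "$dgid" ] && mask=0020
        done
    fi
    [ $(( 0$mode & $mask )) -ne 0 ]
)

# audit_webroot DIR USER...
# Prints one line per account that can modify DIR; status 1 if any can.
audit_webroot() (
    dir=$1; shift
    rc=0
    for user in "$@"; do
        if can_modify_dir "$user" "$dir"; then
            echo "FINDING: $user can modify $dir ($(stat -c '%U:%G %a' "$dir"))"
            rc=1
        fi
    done
    exit "$rc"
)

# Example: sh audit.sh /var/www apache cherokee
if [ "$#" -gt 0 ]; then audit_webroot "$@"; fi
```

With /var/www owned by root:root and mode 755, the check reports nothing for the web server accounts; with apache:root it reports the apache account.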