> Gary Robertson wrote:
[snip]
> We are setting up a Web site using pgsql. I am unsure of which users I
> should set up, & who should own the html & php3 files in our directory
> etc.
[snip]
While I use AOLserver and not apache+php3, the concepts are similar:
1.) The httpd run user (which should not be root, but some unprivileged
account, such as 'webserver' (in my case, it's actually 'aolserver'))
should own all html and php files necessary, with perms of 600 or 700.
2.) You should run a 'createuser ${HTTPD_RUN_USER}', making sure NOT to
give that user an special privileges (such as create user, create table,
or superuser). Of course, substitute the actual httpd run user up
there...
3.) You may or may not want the HTTPD_RUN_USER to actually own the
tables in question -- however, you will have to GRANT the perms desired.
In the case of AOLserver, the connections from the aolserver process
(nsd) are pooled and are made with the userid of 'aolserver'. For
AOLserver, all files the nsd process (singular, since AOLserver is
multithreaded) accesses are owned by 'aolserver' and chmod'd 600.
AOLserver uses a tcl API -- those files (*.tcl and *.adp) are also
chmod'd 600, as AOLserver does its own interpreting -- php may need
execute permission; I don't know.
HTH
Lamar Owen
WGCR Internet Radio
