Re: [users@httpd] Changing the User Which Runs Apache

2013-08-14 Thread Bob Proulx
Noah Duffy wrote: > Bob Proulx wrote: > > Sorry for the long rant. I rarely get down to this mailing list in my > > reading. I did today and your discussion thread caught my attention > > and I was compelled to comment upon it. > > I had to read your response twice. It was loaded with more helpf

Re: [users@httpd] Changing the User Which Runs Apache

2013-08-08 Thread Noah Duffy
On Aug 8, 2013, at 5:33 PM, Bob Proulx wrote: > Sorry for the long rant. I rarely get down to this mailing list in my > reading. I did today and your discussion thread caught my attention > and I was compelled to comment upon it. I had to read your response twice. It was loaded with more helpf

Re: [users@httpd] Changing the User Which Runs Apache

2013-08-08 Thread Bob Proulx
Noah Duffy wrote: > WordPress may be a bad example, but here's what I'm trying to accomplish: If nothing else it is extremely popular. > When installing, there are just a few files and directories which > contain the pages and PHP. Upon first visit, it has you enter your > admin password and then

Re: [users@httpd] Changing the User Which Runs Apache

2013-08-08 Thread Noah Duffy
On Aug 8, 2013, at 12:20 PM, John Iliffe wrote: > Apache has to start as root so it can get permission on the socket > (presumably 80). It then does an su to the uid it runs under. Could be > apache but you can have anything you want. It does not need write or > execute on any of the page d

Re: [users@httpd] Changing the User Which Runs Apache

2013-08-08 Thread John Iliffe
Apache has to start as root so it can get permission on the socket (presumably 80). It then does an su to the uid it runs under. Could be apache but you can have anything you want. It does not need write or execute on any of the page directories just read. They could be owned by you or you

Re: [users@httpd] Changing the User Which Runs Apache

2013-08-07 Thread Noah Duffy
On Aug 7, 2013, at 6:36 PM, Yehuda Katz wrote: > Check out how the default configuration of apache works on Debian/Ubuntu. > They run as the user www-data and have the correct permissions set on the > /var/www folder. I'm running Ubuntu Server 12.04 and just checked the default permissions on

Re: [users@httpd] Changing the User Which Runs Apache

2013-08-07 Thread Yehuda Katz
Do not run Apache as yourself. If it (or any application it runs as a module - like PHP if you use mod_php) is compromised, it will be able to modify your personal files. Most people run apache as www-data (or similar) in a dedicated directory. Check out how the default configuration of apache wor

[users@httpd] Changing the User Which Runs Apache

2013-08-07 Thread Noah Duffy
I've tinkered with running a website using Apache on Linux for a few years now, but in my earlier days, I was a little naive and didn't pay too much attention to permissions. Now that I'd like to host a very small site on a home server, I'm trying to take security seriously. I know I could easily