Hi Brazen, Right you are, that was not an appropriate example. I meant that all virtual host under the /var/www has to be owned by the same user and group www-data in case if you have only one user to manage many virtual hosts. www-data as an owner of root directory is not a secure option.
Sasha James Dinkel wrote: > On Mon, Aug 17, 2009 at 12:00 PM, Alexander Kraev > <alexander.kr...@gmail.com <mailto:alexander.kr...@gmail.com>> wrote: > > Hi, > > It depends on web-server architecture and how many sites you are going > to run inside /var/www. > > root:root is good for /var/www if you are running many sites in > /var/www. Let's say: > > /var/www/example.org <http://example.org> > /var/www/example.net <http://example.net> > /var/www/sub.example.org <http://sub.example.org> > > Each of these directory has to be owned as www-data:www-data if you use > only www-data user to manage all virtual hosts and unix_user:www-data in > case of multi-user virtual host based web server. > > It's a quick tip, all depends on your needs and web server's > architecture. > > > "Each of these directory has to be owned as www-data:www-data" > > This is absolutely not true, and a bad idea for reasons already pointed > out in this thread (Roy Sigurd Karlsbakk's email). Only set www-data as > the owner when a web application specifically calls for it and only on > the folder or file that it calls for. > > For instance, say a web application requires the web server to have > write access to /var/www/myapp/uploads/. Then keep /var/www owned by > root.root and perms set to 755, and change just the uploads folder to be > owned by www-data.root (or www-data.www-data, or root.www-data with 775 > perms, it's all the same). > > If you do want users without root privileges to be able to modify the > directories, then that is ok give them permissions to write to whatever > they need, but you do not want to give www-data any more than read > permissions unless your web application specifically calls for it. > > Brazen -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam