Clik here to view.
What’s the best way of handling permissions for apache2′s user www-data in...
Has anyone got a nice solution for handling files in /var/www/ ? We’re running Name Based Virtual Hosts and the apache2 user is ‘www-data’ We’ve got two regular users & root. So when messing with...
View ArticleClik here to view.
www-data user can read /etc/fstab
I’m pretty new at this. So I figured out that apache2 starts processes as www-data user. Suppose this user then starts untrusted code. What if I wanted to disallow this user to read any files (like...
View ArticleClik here to view.
apache2: start processes with other than www-data user
apache2 seem to start new processes with www-data user. How could I make it start new processes with some other user? ubuntu 11.04 by the way. This can only be changed globally (not for single...
View ArticleClik here to view.
What’s a sensible workflow for deploying webserver content using git push?
I’d like to use git push to update my (nginx) webserver content, while still keeping things secure. One way I could do this would be to ssh to my server, git pull from bitbucket into /srv/www, and...
View ArticleClik here to view.
How to set default group permission in Ubuntu for www-data (apache’s user)?
I have not been able to set a umask for www-data (apache’s user). I tried to put umask 002, like in many other examples I found, in /etc/init.d/apache2 script, or in /etc/apache2/envvars.... Then I...
View ArticleClik here to view.
How do I enable a group of users to edit files in Ubuntu var/www?
I’m hoping someone will be able to direct or help me understand how I can enable multiple users to edit the same files/folders in Ubuntu EC2 server (11.10). I currently use Transmit, the Terminal...
View ArticleClik here to view.
Linux Web Server Permissions – Best Practices
On a privately owned server with one website, is there any reason the files/directories within /var/www can’t be group owned by www-data? My understanding is that security risks with www-data having...
View ArticleClik here to view.
Is suPHP any more secure than alternatives?
I have a web application needs write access to certain folders on a LAMP server. Since suPHP / suEXEC escalate operations to an account you specify, it seems like your server is no more secure because...
View ArticleClik here to view.
Using www-data through SSH
For development purposes I’m using www-data (on an ubuntu 11.10 server) to ssh in and fire git commands and basic stuff against the webroot. I don’t have things like command history, coloring, etc...
View ArticleClik here to view.
chgrp to group I am not a member of
I’m creating git repositories, ldap accounts and ldap groups using PHP application. Everything works fine, but I have a problem to set right permissions to git repositories. Every ldap user is a...
View Article