[arch-general] [arch-dev-public] adding http user/group to filesystems
Pierre Chapuis
catwell at free.fr
Mon Jun 23 14:37:27 EDT 2008
Le Mon, 23 Jun 2008 19:14:58 +0200,
Arvid Ephraim Picciani <aep at ibcsolutions.de> a écrit :
> On Monday 23 June 2008 19:10:30 Pierre Chapuis wrote:
>
> > [1] http://httpd.apache.org/docs/2.2/misc/security_tips.html#serverroot
>
> that link states exactly the oposit of what you where saing before.
> no user owned files anywhere. all owned by root.
In fact I really meant the page you get when you click on the word "User", which is http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user.
It reads:
"It is recommended that you set up a new user and group specifically for running the server. Some admins use user nobody, but this is not always desirable, since the nobody user can have other uses on the system."
and also:
"Don't set User (or Group) to root unless you know exactly what you are doing, and what the dangers are."
More information about the arch-general
mailing list