On Fri, 24 Nov 2006 01:42:42 +0100 Javier Fernández-Sanguino Peña wrote: > On Mon, Nov 06, 2006 at 11:42:25PM +0100, Francesco Poli wrote: [...] > > Would it be wise if web content were owned by a regular user (say > > user Ronny Regularuser, username 'ronny') who is the webmaster, and > > by group 'www-data', and created with umask 0027? [...] > > I don't think it would be wise, if the user 'ronny' was compromised > the website would be defaced. root:www-data with mode 750 seems more > plausible to me.
But wouldn't it be dangerous, as webmaster operations would require root privileges? I mean, the webmaster and the sysadmin could well be two distinct persons: how can we handle the modification of web content? Has the webmaster to contact the sysadmin everytime he/she wants to change even a minor detail? > > > $ ls -altrF /var/www/test/ > > total 16 > > drwxr-xr-x 4 root root 4096 2005-11-01 18:47 ../ > > drwxr-x--- 3 ronny www-data 4096 2006-09-09 07:55 old/ > > drwxr-x--- 3 ronny www-data 4096 2006-10-08 10:23 cur/ > > drwxr-x--- 4 ronny www-data 4096 2006-11-01 13:41 ./ > > > > What if more than one user needs to be able to create directories > > inside /var/www/test/ ? > > It really depends on how you publish content to the site. Some people > do it through some intermediate mechanism (such as CVS) some others do > it directly to the site. I would be interested to read an explanation of possible secure setups for both these situations. For instance, assuming that I use a revision control system (such as CVS, or GNU Arch a.k.a. Tla, or Bazaar-NG, or ...), I would want to only store the source for the web content (that is to say, the preferred form for making modifications), but publishing both source and compiled forms (if any). Examples could be PNG images generated from SVG (through Inkscape), or XHTML pages generated from ReStructured Text (through Python-DocUtils' rest2html). Who would have write access to the repository? How would the web content be updated as the repository changes? How would the generation of compiled forms be handled? Otherwise, assuming that I want the webmaster to deploy and change web content directly, how would the write access be handled? -- But it is also tradition that times *must* and always do change, my friend. -- from _Coming to America_ ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgp6JhnLjuMIJ.pgp
Description: PGP signature
