On Thu, Jan 21, 1999 at 07:36:43PM +1100, Brian May wrote: > 1. web files owned by www-data:www-data (ie no group change), and the > web process executed by www:www (for instance). There is no need for > users to be members of root. This would require an extra UID and GID.
But this won't allow regular users to change the web files either? > 2. I was thinking that it would be even simpler to make web files > owned by root:www-data (ie still no group change), as I consider > groups to be completely seperate to users, and this makes less users > to maintain. This would have the advantage that the webserver could > still be executed by www-data:root (although it might be confusing because > this www-data would access the data and not own it). It isn't as obvious > as 1. above though as GID!=UID. I just use whateverusercreatedthefile.web here. Web server runs as www-data.www-data. Hamish -- Hamish Moffatt VK3TYD [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org
