On Mon, May 20, 2013 at 11:05:26AM +0300, Lars Nooden wrote: > On Mon, 20 May 2013, Tony Baldwin wrote: > [snip] > > and add the server (www-data) to their group, 775 stuff. I don't know if > > it's the best practice, > [snip] > > The www-data user and group should be left alone. They are there for > privilege separation of the web server by providing an unprivileged > account for the daemon. It would make the server a lot less secure if > either were to be given write access to the same directories and files > that it is serving. That would defeat the purpose of www-data. If you > need another group for the users to share, create one just for that > purpose and use it instead.
I'm not adding the users to the www-data group. I'm adding the www-data user to the users' groups, so the server can write to the stuff in their /home/webroot/ I assumed this latter was better than the former. ./tony -- http://www.tonybaldwin.me art, music, software by me, tony 3F330C6E
signature.asc
Description: Digital signature
