2013/12/24 Jerry Stuckle <jstuc...@attglobal.net> > On 12/24/2013 10:37 AM, Raffaele Morelli wrote: > <snip> > > >> Are u kidding? Apache writes and creates everything you want if >> directory/files permissions are designed for and that is what you want. >> >> > Incorrect. Apache writes or creates NOTHING. The web server user can > create and write files from a script, but it is not Apache doing it. >
Do we have to use strict jargon? Of course is not apache but the httpd process, it's the whole thread we are referring to this. > > I agree with the others. User-created files should never be owned by > root. On my servers, files are owned by the person doing the uploading > (which is NOT www-data) and are accessed read-only by group permissions > (with www-data being a member of the group). > > On local systems, files are owned by the user creating the files (again, > not www-data), and accessed via the group. > Again, the www-data user can safely be the owner of everything in the webroot, just think of phpmyadmin, there's nothing unsafe in www-data being the owner because it's an app, same apply eg. for drupal where a user might be allowed to write his own module and be the owner while www-data has group access r-x permissions. > > Having user files owned by root means they can only be edited by root > (unless you extend the group permissions - in which case www-data can also > change the permissions). And you should only use root when you need to > change system configurations, update packages, etc. Not for general user > file editing. > > Jerry
