On Mon, Oct 29, 2018 at 12:27:53PM -0500, David Wright wrote:
> On Sun 28 Oct 2018 at 19:57:08 (-0400), Gene Heskett wrote:
> > I don't think that's how it works. UID/GID as www-data is just part of the
> > sandbox apache2 and its ilk play in. In fact after I've equipped apache2
> > with some new toy, the last thing I do as root is a chown -R
> > www-data:www-data any directory apache2 can access in going about its
> > normal business.
> Then you probably need to read the docs carefully, rather than taking
> any notice of what's written [above], which contradicts anything I've
> read on this subject.
Correct; the original text is bad advice. In general, you do not want
your web server process to be able to write the files that it is
running, in order to reduce the avenues for privilege escalation in the
face of a bug in a web script. Sometimes the web server does need to be
able to write, and in those cases it is best to carefully configure the
web server to not run anything from areas which are writable, and to
restrict the writable areas to the minimum necessary. (A lot of other
controls are also important, such as preventing unauthenticated upload
and download of the same files and/or implementing some sort of
moderation to prevent the site from turning into an unexpected
distribution node for illegal material, etc.)
Mike Stone
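As an added illustration of the point Mike makes (this is example code, not something from the thread), the script below audits a DocumentRoot for code files the web server account can modify, which is exactly what a blanket `chown -R www-data:www-data` produces. It assumes the server runs as the user passed in as the second argument (www-data on Debian) and approximates "writable by the server" as owned by that user or world-writable; the sample tree is constructed inline, with the current user standing in for www-data so it runs without root.

```sh
#!/bin/sh
# Added example, not from the thread. Audits a DocumentRoot for the condition
# Mike warns about: code files the web server account can itself modify.
# Assumptions: the server runs as $2 (www-data on Debian); "writable" is
# approximated as owned-by-that-user or world-writable, which is what a
# "chown -R www-data:www-data" over the whole tree produces.

# Print every regular file under $1 that the web user $2 can write and
# that the server would plausibly execute (script suffix or exec bit).
audit_writable_code() {
    docroot=$1; webuser=$2
    find "$docroot" -type f \( -user "$webuser" -o -perm -0002 \) \
        \( -name '*.php' -o -name '*.cgi' -o -name '*.pl' -o -name '*.py' \
           -o -name '*.sh' -o -perm -0100 \) -print | sort
}

# Number of findings; zero is the goal for the code areas of a site.
# For directories that must stay writable (uploads), the remaining fix is
# on the Apache side, e.g. in a <Directory> block for the upload path:
#   php_admin_flag engine off   (mod_php)   / RemoveHandler .php
#   Options -ExecCGI -Includes
count_writable_code() {
    audit_writable_code "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample tree. The current user stands in for www-data so the
# example runs without root; every file here is therefore "server-owned".
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/app" "$root/uploads"
    printf '<?php echo "app";\n' > "$root/app/index.php"   # server-owned code: flagged
    printf 'body{}\n' > "$root/app/style.css"               # static, never executed: ignored
    printf 'JFIF\n' > "$root/uploads/photo.jpg"             # ordinary upload: ignored
    printf '<?php echo "hi";\n' > "$root/uploads/note.php"  # script in upload dir: flagged
    chmod 0644 "$root"/app/* "$root"/uploads/*
    echo "$root"
}

# Stand-alone run: build the tree, report, clean up.
root=$(make_sample_tree)
echo "Writable code files under $root:"
audit_writable_code "$root" "$(id -u)"
rm -rf "$root"
```

Run against a real site as `audit_writable_code /var/www/html www-data`; anything listed outside a deliberately writable area is a candidate for `chown root:www-data` with mode 0640.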