On Tue, Feb 2, 2021, 2:10 AM Richard Hector <rich...@walnut.gen.nz> wrote:
> Hi all,
>
> I'm reviewing how I set up websites (mostly WordPress at the moment),
> and would like other opinions on whether what I'm planning is sane.
>
> My plan is to have a user eg "mysite" that owns all/most of the standard
> files and directories.
>
> The webserver (actually php-fpm) would run as "mysite-run".
>
> Group ownership of the files would then be mysite-run, but group-write
> permission would not be granted except where required, eg the 'uploads'
> and 'cache' directories.
>
> Files in those directories, created by the php-fpm process, would
> obviously be owned by mysite-run.
>
> Alternatively the group ownership of most of the directories could
> remain with mysite, but with the uploads and cache directories
> group-owned (and group-writeable) by mysite-run.
>
> The objective of course is that site code can't write to anything it
> shouldn't. I know that means that I'll have to install upgrades, plugins
> etc with the wp cli tool.
>
> I earlier had thoughts of improving this with ACLs, but a) this got
> really complicated and b) it didn't seem to solve some of the problems I
> was trying to solve.
>
> I wanted to be able to allow other users (those who might need to update
> sites) to be able to log in as themselves and make changes, but IIRC
> nothing (other than sudo or setuid tools) will allow them to set the
> ownership back to 'mysite', which is what I want it to be. I'm aware of
> bindfs, which allows fuse mounting of filesystems with permission
> translation, but as far as I can tell, it doesn't allow mapping of
> userids. Tools could help, but I'd rather some of these users had SFTP
> access only, which would prevent them being used.
>
> Any thoughts?

I like some of the ideas mentioned by others, including SELinux issues. But, for a High Security Website, I prefer Lighttpd over Apache2 and, especially, WordPress.

> Am I mostly on the right track?

Mostly.

> Thanks,
> Richard

Kenneth Parker
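A check for the ownership scheme described in the quoted message, added here as an example and not written by either poster: it walks a site tree and reports anything that is group-writable outside the runtime directories, world-writable, or owned by the wrong user or group. The `wp-content/uploads` and `wp-content/cache` paths, the function names and the demo tree are assumptions; the numeric ids of "mysite" and "mysite-run" are passed in by the caller.

```python
import os
import stat
import tempfile

WRITABLE = ("wp-content/uploads", "wp-content/cache")  # assumed WordPress paths

def audit(root, site_uid, run_gid, writable=WRITABLE):
    """Return sorted (relative path, problem) pairs that break the scheme."""
    problems = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            runtime = any(rel == w or rel.startswith(w + "/") for w in writable)
            if st.st_mode & stat.S_IWOTH:
                problems.append((rel, "world-writable"))
            if st.st_gid != run_gid:
                problems.append((rel, "group is not the php-fpm group"))
            if rel in writable and not st.st_mode & stat.S_IWGRP:
                problems.append((rel, "runtime directory lacks group-write"))
            if not runtime:  # files php-fpm creates at runtime are owned by it
                if st.st_uid != site_uid:
                    problems.append((rel, "not owned by the site user"))
                if st.st_mode & stat.S_IWGRP:
                    problems.append((rel, "group-writable outside uploads/cache"))
    return sorted(problems)

def build_demo_tree():
    """Constructed sample: one group-writable code file, one world-writable upload."""
    root = tempfile.mkdtemp(prefix="mysite-")
    layout = {"index.php": 0o640, "wp-config.php": 0o660,
              "wp-content/uploads/logo.png": 0o666,
              "wp-content/cache/page.html": 0o660}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    for d in ("wp-content",) + WRITABLE:
        os.chmod(os.path.join(root, d), 0o750 if d == "wp-content" else 0o770)
    return root

if __name__ == "__main__":
    demo = build_demo_tree()
    st = os.stat(demo)  # the demo uses the current user and group as both ids
    for rel, problem in audit(demo, st.st_uid, st.st_gid):
        print(f"{rel}: {problem}")
```

On a real site the two ids would come from `pwd.getpwnam("mysite").pw_uid` and `grp.getgrnam("mysite-run").gr_gid`.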