FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Development

 
 
LinkBack Thread Tools
 
Old 06-22-2008, 07:07 AM
Pierre Schmitz
 
Default adding http user/group to filesystems

Hi,

as mentioned in the apache thread I would like to use a dedicated user/group
for our different webserver packages. To achieve this I'd like to add the
user/group http to our filesystem package. (It allready contains them for
mail and ftp)

According to
http://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database uid/gid
33 should be free for use.

An install script to add those for upgraders have to be added, too.

Another approach would be adding an install script creating those groups to
the webserver packages.

What do you think is best?

Pierre
--
http://www.archlinux.de
 
Old 06-23-2008, 05:10 PM
Pierre Chapuis
 
Default adding http user/group to filesystems

Le Mon, 23 Jun 2008 18:48:12 +0200,
Arvid Ephraim Picciani <aep@ibcsolutions.de> a écrit :

> so this is the official announcment that the vanilla-style-do-it-yourself for
> professional engineers and manual readers is no more, and that in future
> there will be rather debian-style-out-of-the-box solutions for those who
> want it to "just work" ?
> I'm fine with that new way. I'm going to look for a different distro then
> instead of having to unpatch more and more packages. I just would like to
> have a clear signal finally. The back and forth between those different
> styles is really painfull for somone who has to actually maintain a few
> dozens of machines.

This is not a patch but a small change in default configuration to follow upstream advice [1]. I wouldn't go as far as saying that we're becoming Debian for that much.

[1] http://httpd.apache.org/docs/2.2/misc/security_tips.html#serverroot
 
Old 06-23-2008, 06:37 PM
Pierre Chapuis
 
Default adding http user/group to filesystems

Le Mon, 23 Jun 2008 19:14:58 +0200,
Arvid Ephraim Picciani <aep@ibcsolutions.de> a écrit :

> On Monday 23 June 2008 19:10:30 Pierre Chapuis wrote:
>
> > [1] http://httpd.apache.org/docs/2.2/misc/security_tips.html#serverroot
>
> that link states exactly the oposit of what you where saing before.
> no user owned files anywhere. all owned by root.

In fact I really meant the page you get when you click on the word "User", which is http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user.

It reads:

"It is recommended that you set up a new user and group specifically for running the server. Some admins use user nobody, but this is not always desirable, since the nobody user can have other uses on the system."

and also:

"Don't set User (or Group) to root unless you know exactly what you are doing, and what the dangers are."
 

Thread Tools




All times are GMT. The time now is 12:46 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org