tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Apache should never be a mandatory dependency



> > Any reason APACHE_USER/APACHE_GROUP and NGINX_USER/NGINX_GROUP must
> > differ? Some packages depend on apache and set
> > WWW_USER=APACHE_USER/WWW_GROUP=APACHE_GROUP, then set permissions
> > with WWW_USER/WWW_GROUP.
> 
> I think we should consolidate a WWW_GROUP, but not a user. It often
> makes sense to limit accessibility for the group, e.g. for FastCGI
> sockets. Nothing should run as the unprivileged web server user
> though.

Fair enough, though in order to prevent uncontrolled growth of users,
consolidating a WWW_USER isn't a bad idea, either.
Especially when it comes to web-applications, I wouldn't want them to
be owned by "root". The WWW_USER would be the expected user and safer
then root.
See my other emails for elaboration on a suggestion to a solution while
maintaining the possibility of customization by the user.

- Volkmar

-- 
http://www.dimensionv.de/
http://tech.nifelheim.info/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OpenPGP
Fingerprint: E03D 33DB B409 2E99 C2DA 7D64 145F 0A76 D252 7078
Key: http://www.dimensionv.de/pgp (+ all public key-servers)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Attachment: pgp6LZyPeiRNv.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index