> > Any reason APACHE_USER/APACHE_GROUP and NGINX_USER/NGINX_GROUP must > > differ? Some packages depend on apache and set > > WWW_USER=APACHE_USER/WWW_GROUP=APACHE_GROUP, then set permissions > > with WWW_USER/WWW_GROUP. > > I think we should consolidate a WWW_GROUP, but not a user. It often > makes sense to limit accessibility for the group, e.g. for FastCGI > sockets. Nothing should run as the unprivileged web server user > though. Fair enough, though in order to prevent uncontrolled growth of users, consolidating a WWW_USER isn't a bad idea, either. Especially when it comes to web-applications, I wouldn't want them to be owned by "root". The WWW_USER would be the expected user and safer then root. See my other emails for elaboration on a suggestion to a solution while maintaining the possibility of customization by the user. - Volkmar -- http://www.dimensionv.de/ http://tech.nifelheim.info/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OpenPGP Fingerprint: E03D 33DB B409 2E99 C2DA 7D64 145F 0A76 D252 7078 Key: http://www.dimensionv.de/pgp (+ all public key-servers) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attachment:
pgp6LZyPeiRNv.pgp
Description: PGP signature