tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Apache should never be a mandatory dependency



> So we should have a WWWAPPS_USER, and make sure that the web servers
> are set up by default to switch to it when needed? There are programs
> that need read-write files and directories and expect to own them;
> having these files owned by the apache/nginx user (and the apps
> running as that user) isn't a great idea.
> 
> Miscellaneous readonly files should be owned by root though.

Well, drupal and wordpress are probably good examples for what you
describe.
They have parts that can be owned by root, but read-only accessible to
the web-server, and parts that need to be read-write accessible to the
web-server or whatever runs PHP (in case of drupal/wordpress).

As far as I understand pkgsrc, it should be no real problem to have the
correct mode and ownership set, it's just a matter the maintainer has
to implement properly.

As ROOT_USER is available already, something like your WWWAPPS_USER
could be introduced for those special parts.
However, as Joerg already pointed out in a differen part of the thread,
this only works properly as long as something else but apache is used.
mod_perl, mod_php, mod_whatever run as the same user as the apache -
naturally, as it's the same process. But, of course, in those cases,
WWWAPPS_USER can be set to APACHE_USER. You will still have the
separation of ROOT_USER owned files vs WWWAPPS_USER, but WWWAPPS_USER
will be the same as WWW_USER, because that's APACHE_USER.

Volkmar

-- 
http://www.dimensionv.de/
http://tech.nifelheim.info/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OpenPGP
Fingerprint: E03D 33DB B409 2E99 C2DA 7D64 145F 0A76 D252 7078
Key: http://www.dimensionv.de/pgp (+ all public key-servers)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Attachment: pgp28QAfW_Jok.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index