tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Webserver users



Hi folks,

We have packages for web applications (www/wordpress, mail/roundcube, www/php-piwigo...) for which some of their configuration files are installed with the permissions of the webserver user. mk/defaults/mk.conf contains APACHE_USER?=www and APACHE_GROUP?=www and the previously cited packages use them in their Makefiles. But Apache is not the only webserver available in pkgsrc and there is at most nginx and lighttpd. nginx creates the 'nginx' user for suexec and lighttpd creates the 'lighttpd' user. Therefore, a binary bulk provides by default a nginx server that runs as nginx user and a php-piwigo package that installs configuration files for www user. My idea is to make 'www' the default user for all webserver without introducing major changes.

* mk/defaults/mk.conf:
-APACHE_USER?=   www
-APACHE_GROUP?=  www
+APACHE_USER?=   ${WWW_USER}
+APACHE_GROUP?=  ${WWW_GROUP}

+LIGHTTPD_USER?= ${WWW_USER}
+LIGHTTPD_GROUP?=${WWW_GROUP}

+NGINX_USER?=    ${WWW_USER}
+NGINX_GROUP?=   ${WWW_GROUP}

+WWW_USER?=      www
+WWW_GROUP?=     www

Here a patch to apply these changes against pkgsrc-2018Q1 and to modify the packages that use APACHE_{USER,GROUP}: http://pkgsrc.triaxx.org/patches/wwwuser.diff

Here a report of pbulk for the affected packages: http://pkgsrc.triaxx.org/reports/pkgsrc-2018Q1/NetBSD-7.1.1/20180425.1513/meta/report.html
(I don't see the problem with mail/turba)

Could we imagine to import this kind of changes in HEAD?

I am interested in your opinion and comments.


Home | Main Index | Thread Index | Old Index