tech-pkg archive


Re: coherent plan for webserver users and groups?



On Sat, Jun 17, 2023 at 06:20:24AM -0400, Greg Troxel wrote:
> I am finding our setup for uid/gid for various packages confusing and
> difficult to deal with.  Basically apache and nginx do the same thing,
> but default to different uid/gid.  And php-fpm is part of the nginx
> world, with yet another uid.

I don't agree that Apache and Nginx do the same thing. Apache has a long
history of pretending to be a web application server whereas Nginx has
a long history of being a reverse proxy server. While they can be used
the same way, the reverse proxy methodology tends to result in a less
tight coupling and better isolation between components. I would argue
that any code that assumes it is running directly in the web server or
as the same user as the web server is misdesigned and depending on the
APACHE_USER (or NGINX_USER for that matter) is an indicator for that.

Now having a wwwrun group might make some sense, but then it is putting
a lot of policy in the framework...

Joerg

