Hi Michael,

On Tue, 13 Aug 2019 13:39:34 -0400 Michael Orlitzky wrote:

>On 8/13/19 1:14 PM, Lars Wendler wrote:
>> I would like to reserve UID/GID 81 for apache (www-servers/apache).
>>
>> This is the historical UID/GID for apache user in Gentoo.
>> Fedora and RedHat use UID/GID 48. Arch Linux has no
>> "apache" user but a "http" user with UID/GID 33 (which is already
>> reserved in Gentoo).
>>
>> Here are the commits for possible review:
>> https://github.com/Polynomial-C/gentoo/commits/accts-apache
>>
>
>By setting /var/www as apache's home directory, we're going to wind up
>with /var/www being owned by apache:root. That's not quite right, for a
>couple reasons:
>
>  * The anonymous website user shouldn't be able to delete the entire
>    web hierarchy using e.g. a wordpress exploit.
>
>  * Every other web server wants to share /var/www, too.
>
>For example, www-servers/cherokee wants /var/www to be the home
>directory for the cherokee user, as does www-servers/ocsigenserver.
>Hiawatha stores stuff under /var/www/hiawatha, and just about everybody
>uses /var/www/localhost for the default vhost.
>
>Thinking ahead -- would anything bad happen if we left the home
>directory at its default? I don't think our default apache config needs
>to own /var/www for any reason, but I'm not certain.
>

thanks for the review. I've force-pushed the acct-user/apache commit
with ACCT_USER_HOME_OWNER being set to root:root.

Lars
-- 
Lars Wendler
Gentoo package maintainer
GPG: 21CC CF02 4586 0A07 ED93 9F68 498F E765 960E 9B39
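
An added example, not part of the thread or of the Gentoo tree: a small audit for the situation discussed above, where a home directory such as /var/www is owned by the non-root service account that uses it and is also the home of other accounts. The passwd entries are constructed; UID 81 for apache comes from the thread, while the other UIDs, the shell paths and the function names are assumptions made for illustration.

```python
import os

# Constructed passwd(5) sample. UID 81 for apache is from the thread; the
# other UIDs and the shell paths are made up for illustration.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:81:81:apache:/var/www:/sbin/nologin
cherokee:x:990:990:cherokee:/var/www:/sbin/nologin
ocsigenserver:x:991:991:ocsigenserver:/var/www:/sbin/nologin
"""

def parse_passwd(text):
    """Return a list of (name, uid, home) tuples from passwd-format text."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry, skip rather than guess
        entries.append((fields[0], int(fields[2]), fields[5]))
    return entries

def stat_owner(path):
    """Owner UID of a real directory, or None if it does not exist."""
    try:
        return os.stat(path).st_uid
    except OSError:
        return None

def audit_homes(passwd_text, owner_of=stat_owner):
    """Flag home directories owned by a non-root account that uses them.

    Returns {home: (owner_name, [accounts sharing that home])}.
    """
    by_home = {}
    for name, uid, home in parse_passwd(passwd_text):
        by_home.setdefault(home, []).append((name, uid))
    findings = {}
    for home, users in by_home.items():
        owner_uid = owner_of(home)
        for name, uid in users:
            if uid != 0 and owner_uid == uid:
                findings[home] = (name, sorted(n for n, _ in users))
    return findings
```

On a live system, pass the contents of /etc/passwd and keep the default `owner_of`, which reads ownership with `os.stat`.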