| 1 |
On 8/13/19 1:14 PM, Lars Wendler wrote: |
| 2 |
> I would like to reserve UID/GID 81 for apache (www-servers/apache). |
| 3 |
> |
| 4 |
> This is the historical UID/GID for apache user in Gentoo. |
| 5 |
> Fedora and RedHat use UID/GID 48. Arch Linux has no |
| 6 |
> "apache" user but a "http" user with UID/GID 33 (which is already |
| 7 |
> reserved in Gentoo). |
| 8 |
> |
| 9 |
> Here are the commits for possible review: |
| 10 |
> https://github.com/Polynomial-C/gentoo/commits/accts-apache |
| 11 |
> |
| 12 |
|
| 13 |
By setting /var/www as apache's home directory, we're going to wind up |
| 14 |
with /var/www being owned by apache:root. That's not quite right, for a |
| 15 |
couple reasons: |
| 16 |
|
| 17 |
* The anonymous website user shouldn't be able to delete the entire |
| 18 |
web hierarchy using e.g. a wordpress exploit. |
| 19 |
|
| 20 |
* Every other web server wants to share /var/www, too. |
| 21 |
|
| 22 |
For example, www-servers/cherokee wants /var/www to be the home |
| 23 |
directory for the cherokee user, as does www-servers/ocsigenserver. |
| 24 |
Hiawatha stores stuff under /var/www/hiawatha, and just about everybody |
| 25 |
uses /var/www/localhost for the default vhost. |
| 26 |
|
| 27 |
Thinking ahead -- would anything bad happen if we left the home |
| 28 |
directory at its default? I don't think our default apache config needs |
| 29 |
to own /var/www for any reason, but I'm not certain. |
Archives