[BlueOnyx:12946] Re: adding a service account to a group
Michael Stauber
mstauber at blueonyx.it
Thu May 2 06:51:29 -05 2013
Hi Drew,
> So we have a developer that created an application that uses the
> Webserver to write files to some specific folders. Their application
> creates the folders with the permissions as 755. The folders are
> created with the user nobody, and the group site1. I manually changed
> the permissions on the folders as 775, and added the user apache to the
> site1 group in /etc/groups.
>
> Is there a way with BlueOnyx to leave apache as a member of the site1
> group? Or to make and keep the directory owner as Apache when the
> application creates new folders?
>
> Or is there a better way to do this?
Yes, there are better ways to do this.
Please take a look at this page:
http://www.blueonyx.it/index.php?page=suphp
When you enable suPHP for a site, you also select one user who owns all
files and folders of your Vsites web tree. The PHP scripts of that site
will then also be executed with the UID and GID of that suPHP user. So
files and folders created by scripts will also directly be owned by him
and will have the right ownerships.
That way you avoid tearing security holes into your server such as
adding user "apache" to the site group.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list