Hey Alex. On Tue, 2016-07-19 at 15:01 +0200, Alexander Wirt wrote: > >- don't do this at all (since it's be no means sure that www-data > > actually needs or should have access to icingaweb2 content) > As I already told you it is needed.
And as I've already answered, it's only needed when using mod_php... and not at all for any other setups... and yes I know your answer that mod_php is considered by you as the default, but is there any reason not to allow people to use the other setups, especially when it doesn't make your packaging efforts noticeable more problematic? > > - at least do it only once on the original installation? > > This would make leave the setup with the mod_php SAPI continue to > > work out of the box, while not interfering with the setups of > > people which deliberately choose to remove www-data from > > icingaweb2. > > This makes especially sense in order to not grant anything > > running in > > the webserver's context access to the whole Icinga Web 2 > > configuration > > which likely includes passwords to databases, or e.g. SSH keys. > That should be possible. What do you mean? It should be possible to do it only once on installation? Or that it should be possible (for the "default" mod_php setup to access these files/passwords/etc.? Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
