On Tue, 2016-07-19 at 15:08 +0200, Alexander Wirt wrote: > What do you mean? It should be possible to do it only once on > > installation? Or that it should be possible (for the "default" > > mod_php > > setup to access these files/passwords/etc.? > The installation part.
Ah that's quite nice and helpful :-) I could try[0] to craft a commit that does this if it helps you. Perhaps including some addition to README.Debian which informs about that www-data is added to the group, as well as why/when this is needed? Something like: Permissions *********** When the package is installed (not on upgrades) it will automatically add the user www-data to the group icingaweb2. This is to suit the setup-scenario in which e.g. the apache PHP SAPI (libapache2-mod-php*) is used, which per default will run under the webserver's context as user/group www-data. If another SAPI is used or the webserver is running as a different user/group, this should be removed and the respective users be added to the group instead (for example cgi-suexec). Notice: Every user added to this group will have obviously access to files owned by the icingaweb2 group. These may typically contain passwords to databases or SSH private keys used with Icinga Web 2. I think such text would give proper explanation to those users who are interested in it, and not causing harm to any others. Cheers. [0] Me admittedly not being a Debian packaging expert.
smime.p7s
Description: S/MIME cryptographic signature
