In article <[EMAIL PROTECTED]> you write:
>On Wed, 20 Jan, 1999, Brian May wrote:
>> Maybe the web files should be owned by "www-data" and the web
>> process should be owned by "www" or "httpd"? This way the
>> descriptive names continue to make sense. Practically
>> speaking, it is probably just as good to make web files
>> owned by root, however, then the name "www-data" won't
>> be the owner of any data.
>
>Would not work, the users on my machine who are allowed to edit the web pages
>are members of the www-data group, do you suggest I make them members of root?

I think you are confused... I suggested two ideas (I will present groups and users in user:group format to prevent further confusion):

1. web files owned by www-data:www-data (ie no group change), and the web process executed by www:www (for instance). There is no need for users to be members of root. This would require an extra UID and GID.

2. I was thinking that it would be even simpler to make web files owned by root:www-data (ie still no group change), as I consider groups to be completely separate to users, and this makes less users to maintain. This would have the advantage that the webserver could still be executed by www-data:root (although it might be confusing because this www-data would access the data and not own it). It isn't as obvious as 1. above though as GID!=UID.

Having the web server owned by a different user and group to that of the files is so that if somebody breaks into the server (eg via a buggy CGI script) they cannot tamper with the web files.
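
As an added illustration that is not part of the original post, the sketch below applies the classic Unix mode-bit check to a group-writable page under the two layouts described above, and can audit a real document root for paths a given server account could modify. The numeric IDs, the 0664 page mode and the function names are assumptions made for the example; ACLs, capabilities and the uid-0 bypass are not modelled.

```python
import os
import stat
import sys

def can_write(mode, owner, group, uid, gids):
    """Classic Unix mode-bit check: the first matching class (owner, group, other) decides."""
    if uid == owner:
        return bool(mode & stat.S_IWUSR)
    if group in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(docroot, uid, gids):
    """Return paths under docroot that the account (uid, gids) could modify.

    Directories are included: write access to a directory allows replacing
    the files in it. Symlinks are skipped. ACLs, capabilities and the
    uid-0 bypass are not modelled (assumption of this sketch).
    """
    gids = set(gids)
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            if can_write(st.st_mode, st.st_uid, st.st_gid, uid, gids):
                hits.append(path)
    return sorted(hits)

# Constructed numeric IDs for illustration only.
ROOT, WWW_DATA, WWW = 0, 33, 999
PAGE_MODE = 0o664  # rw-rw-r--: editors in the www-data group can write

def layouts():
    """Evaluate a group-writable page under three ownership layouts."""
    return {
        # files and server both www-data:www-data
        "shared": can_write(PAGE_MODE, WWW_DATA, WWW_DATA, WWW_DATA, {WWW_DATA}),
        # idea 1: files www-data:www-data, server www:www
        "idea1": can_write(PAGE_MODE, WWW_DATA, WWW_DATA, WWW, {WWW}),
        # idea 2: files root:www-data, server www-data:root
        "idea2": can_write(PAGE_MODE, ROOT, WWW_DATA, WWW_DATA, {ROOT}),
    }

if __name__ == "__main__":
    print(layouts())
    if len(sys.argv) == 4:  # docroot uid gid
        print("\n".join(audit(sys.argv[1], int(sys.argv[2]), [int(sys.argv[3])])))
```

Run with a document root and the server account's numeric uid and gid as arguments to list the paths that account could change; an empty list means the mode bits alone give it no write access.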