On 8/13/19 1:14 PM, Lars Wendler wrote:
> I would like to reserve UID/GID 81 for apache (www-servers/apache).
> 
> This is the historical UID/GID for apache user in Gentoo.
> Fedora and RedHat use UID/GID 48. Arch Linux has no
> "apache" user but a "http" user with UID/GID 33 (which is already
> reserved in Gentoo).
> 
> Here are the commits for possible review:
> https://github.com/Polynomial-C/gentoo/commits/accts-apache
> 

By setting /var/www as apache's home directory, we're going to wind up
with /var/www being owned by apache:root. That's not quite right, for a
couple reasons:

  * The anonymous website user shouldn't be able to delete the entire
    web hierarchy using e.g. a WordPress exploit.

  * Every other web server wants to share /var/www, too.

For example, www-servers/cherokee wants /var/www to be the home
directory for the cherokee user, as does www-servers/ocsigenserver.
Hiawatha stores stuff under /var/www/hiawatha, and just about everybody
uses /var/www/localhost for the default vhost.

Thinking ahead -- would anything bad happen if we left the home
directory at its default? I don't think our default apache config needs
to own /var/www for any reason, but I'm not certain.
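
Added example, not part of the original message or of Gentoo's packaging: a shell audit for the ownership concern raised above, listing the web root and its immediate subdirectories that a given numeric UID owns or that are world-writable without the sticky bit. The function names `dir_risk` and `audit_webroot` and the command-line arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Audit who can remove entries from a shared web root such as /var/www.
# Usage (hypothetical invocation): sh audit.sh /var/www 81

# Print "owner", "world-writable" or "ok" for one directory and one UID.
# An owner can always chmod the directory to regain write access, so
# ownership alone counts as a finding even if u+w is currently cleared.
dir_risk() {
    ls -ldn -- "$1" | awk -v uid="$2" '{
        mode = $1; owner = $3
        if (owner == uid) { print "owner"; exit }
        # Other-write bit set, and no sticky bit (t/T) restricting deletes.
        if (substr(mode, 9, 1) == "w" && substr(mode, 10, 1) !~ /[tT]/) {
            print "world-writable"; exit
        }
        print "ok"
    }'
}

# Check the web root itself plus its immediate subdirectories
# (for example the per-server and default-vhost directories).
# Output: one "finding<TAB>path" line per risky directory.
audit_webroot() {
    root=$1
    uid=$2
    find "$root" -maxdepth 1 -type d | sort | while IFS= read -r d; do
        r=$(dir_risk "$d" "$uid")
        if [ "$r" != ok ]; then
            printf '%s\t%s\n' "$r" "$d"
        fi
    done
}

# Run the audit only when a directory and a numeric UID are supplied.
if [ $# -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```

An empty result means the UID neither owns nor has world-write access to the root or its first-level directories; group-based access is not evaluated here.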
