On Sat, 22 Oct 2005 20:48:40 +0200, Philip S. Schulz wrote: > Forgive me if I am overlooking sth obvious, but why don't you use group > permissions?
The current ownership of /var/www/users/foo/ is foo:daemon I was following some older post here on 'how to handle UserDirs in chrooted Apache'. I didn't dare to chgrp www /var/www/users/foo. But come to think of it, it might be the thing to do. Still, zope, mysql and clamav are in group daemon. Therefore: add www to group daemon ? Come to think of it, it might be the only thing to do. On the other hand, do I want to make the unprivileged user www member of daemon ? I welcome your comments on security implications ! Thanks for the plenty off-line mails, I hope this post answers some as well. I want to roll out wordpress (http://wordpress.org) to 150 users. Wordpress requires individual installs (don't argue with me, argue with the chaps of wordpress). So I put these into /var/www/users/foo/blog. In these dirs, everyone needs a config file containing the mysql details. This file itself is blank from remote; therefore safe. But locally, it is accessible. Of course, I tried to chmod it to 640 (by default it is 644), but then the blog renders to blank pages only, and that's not what a blog is for. A similar thing might apply to phpMyAdmin. And then we might want to write some advice into the post-install message(s). So far I followed these by the point but have yet to came across a hint on this, and on security in case of UserDirs. Uwe
