On Mon, 2009-07-13 at 16:17 -0700, Rob Thorne wrote:
> Roger Oberholtzer wrote:
> > All the files in your trac place (and the container directory) should
> > belong to wwwrun. That is how all my trac files are. On openSUSE, this
> > is the user apache usually runs as.
> >
> >
> No, they really shouldn't. That's a serious security risk. People do
> this a lot, because it's easy. But it's risky as hell, since it means a
> bad script can rewrite your Trac script. Oops.
>
> You want the wwwrun user (or whatever other user the web server runs
> under) to have write access to only those files that Trac needs to write
> to, and only read access to anything else.
>
> I'd recommend instead that you assign the owner of the files to
> something safer (I typically use an ordinary user), and assign the
> *group* of the files to the Unix group that the web server runs under
> ('www' for SuSE flavored OS). And I then make only those files and
> directories that *need* to be writable be exposed.
Reasonable. So, in a trac environment directory, which files are which?
--
Roger Oberholtzer
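
An added example, not from either poster and not Trac's own code: a small audit that lists every path in an environment directory the web server account can still write to outside an allowlist, following the owner/group scheme described in the quoted reply. The allowlist (`db`, `log`, `attachments`) and the function names are assumptions, since the thread does not say which paths Trac needs to write.

```python
import grp
import os
import pwd
import stat
import sys

# Assumed allowlist: top-level entries of the environment that the web server
# may write to. The thread does not list them; adjust for your installation.
WRITABLE = ("db", "log", "attachments")

def web_can_write(st, web_uid, web_gid):
    """How the web server account gets write access to this inode, or None.
    Follows Unix class order: owner, then group, then other.
    Supplementary groups and ACLs are not considered."""
    if st.st_uid == web_uid:
        return "owner"  # the owner can always chmod the write bit back on
    if st.st_gid == web_gid:
        return "group" if st.st_mode & stat.S_IWGRP else None
    return "other" if st.st_mode & stat.S_IWOTH else None

def audit_env(env_dir, web_uid, web_gid, writable=WRITABLE):
    """Return sorted (relative_path, access_class) pairs for every file or
    directory the web server can write to outside the allowlist."""
    findings = []
    paths = [env_dir]  # the container directory itself is checked as "."
    for root, dirs, files in os.walk(env_dir):
        paths.extend(os.path.join(root, n) for n in dirs + files)
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not enforced
        rel = os.path.relpath(path, env_dir)
        if rel.split(os.sep)[0] in writable:
            continue
        how = web_can_write(st, web_uid, web_gid)
        if how:
            findings.append((rel, how))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: audit.py ENV_DIR WEB_USER WEB_GROUP  (e.g. wwwrun and www)
    env, user, group = sys.argv[1:4]
    uid, gid = pwd.getpwnam(user).pw_uid, grp.getgrnam(group).gr_gid
    for rel, how in audit_env(env, uid, gid):
        print(f"{rel}: writable by web server via {how}")
```

An empty report means the web server account can write only under the allowlisted entries; any `owner` finding means the path still belongs to the web server user.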