Webservers other than apache (1) and php (2)
Elan Ruusamäe
glen at delfi.ee
Sun Nov 20 20:40:43 CET 2005
On Sunday 20 November 2005 21:08, Adam Gołębiowski wrote:
> > > I'm currently using lighttpd. Is there any reason, why this creates a
> > > lighttpd group instead of http (like apache)? Currently, to get things
> > > working you must either add lighttpd user to the http group (if it
> > > exists) or chown everything that wants to be owned by http group to
> > > lighttpd.
> >
> > i'm not sure why lighttpd has it's own uid/gid, but it could have been
> > done because, thttpd runs in separate uid (thttpd), and that lighttpd
> > itself doesn't run php, so you could have security by having webserver
> > running different uid than php-fcgi, which runs under http uid.
>
> Uhm, wouldn't it be better if each of the webservers work on their own
> uid but all of them belong to the same group, name it http?
i would go too for each httpd having own uid, and belonging to group http.
would it be primary group? secondary?
but what about cgi programs? are they different?
and then each dir where either php application or cgi program writes is sgid
to http? because otherwise it ends up one httpd writing files which other
can't read, (600,lighttpd,http)
--
glen
More information about the pld-devel-en
mailing list