[ALUG] The 'nobody' user in HTML and CGI, how to best use it?

[Brett Parker]

On Fri, Jan 19, 2007 at 03:44:02PM +0000, cl at isbd.net wrote:
> I mostly understand why there is a user 'nobody' who owns all the HTML
> and CGI stuff in the /var/www hierarchy.
> 
> However it's a bit of a pain maintaining the 'nobody' file ownership
> permissions there, how do other people manage this?   At present I
> tend to do things as root and then 'chown -R nobody' which is a bit
> clumsy really.

General rule of thumb: the nobody user should only have *read* access on
those files. It shouldn't own them. The reason you serve as nobody (or
in debian as www-data) is that it protects you from holes in the
webserver that could otherwise be exploited and used to overwrite your
carefully laid out website.

With CGI there's the whole other issue of making sure that your code is
secure and can't be exploited to get privilege escalation (that's bad,
k) - sometimes you do need to have some files owned by the nobody user -
but it's best to keep those outside of the webroot, where the cgi can
read and write them but nothing else.

> The problem is that one has to be root to manipulate the files owned
> by nobody as one can't actually become nobody.  Ooh, just tried and
> one *can* become nobody via root, I suppose that's one way to deal
> with it.
> 
> So, is that what others do when doing things to files in the /var/www
> area, su to root and then to nobody?

Generally I have a /var/www/websitename directory, with websitename
being the primary hostname of the website - then I set that to be owned
by the user that is most going to update it. If there are a group using
it then you setgid the directory and give the group write access to it.

Cheers,
-- 
Brett Parker