On Sat, Dec 09, 2017 at 06:32:40PM +0000, steve-ALUG@hst.me.uk wrote:
{SOME SNIPPING}
On 09/12/17 10:21, Chris Green wrote:
On Sat, Dec 09, 2017 at 09:27:25AM +0000, Huge wrote:
Why not just Do It Right?
OK, tell me how I set things up so that files created by the web server aren't owned by the web server.
Suggestions previously offered. Also from Apache WIKI https://wiki.apache.org/httpd/FileSystemPermissions
Read that carefully, it *doesn't* do what you suggest.
... also tell me how I make things more secure by deviating by a very large amount from the standard distribution configuration. The likelihood of there being an error (which will make security holes) in a 'one man' customisation of a standard set up is considerable.
An analogy. Ubuntu has a default firewall, but it's not shipped in "Enabled" state. It is recommended that you configure & enable it, but they don't do it for you. You have to set up a one man customisation and it makes things more secure.
I have also done a one man customisation of: email dns ssh printing antivirus ssh monitoring networked file sharing wifi log-file analysing ad-blocking privacy-measures backups and probably many more things.
All to try and make things more secure.
I have probably done much of the above too but it *doesn't* equate to what you are suggesting one does to apache (even if it's possible which I'm beginning to doubt). Virtually all the above customisation is on one's home directory and thus doesn't prevent one having an absolutely standard installation. You could do most of the above and just save /home to put back over a clean install of a new system.