On 09/12/17 21:22, Chris Green wrote:
On Sat, Dec 09, 2017 at 06:32:40PM +0000, steve-ALUG@hst.me.uk wrote:
{SOME SNIPPING}
On 09/12/17 10:21, Chris Green wrote:
On Sat, Dec 09, 2017 at 09:27:25AM +0000, Huge wrote:
Why not just Do It Right?
OK, tell me how I set things up so that files created by the web server aren't owned by the web server.
Suggestions previously offered. Also from Apache WIKI https://wiki.apache.org/httpd/FileSystemPermissions
Read that carefully, it *doesn't* do what you suggest.
I believe the "suggestions previously offered" go some way to doing what you want. The link was merely an "also" which more-or-less confirms what "Huge" was saying.
... also tell me how I make things more secure by deviating by a very large amount from the standard distribution configuration. The likelihood of there being an error (which will make security holes) in a 'one man' customisation of a standard set up is considerable.
An analogy. Ubuntu has a default firewall, but it's not shipped in "Enabled" state. It is recommended that you configure & enable it, but they don't do it for you. You have to set up a one man customisation and it makes things more secure.
I have also done a one man customisation of: email dns ssh printing antivirus ssh monitoring networked file sharing wifi log-file analysing ad-blocking privacy-measures backups and probably many more things.
All to try and make things more secure.
I have probably done much of the above too but it *doesn't* equate to what you are suggesting one does to apache (even if it's possible which I'm beginning to doubt). Virtually all the above customisation is on one's home directory and thus doesn't prevent one having an absolutely standard installation. You could do most of the above and just save /home to put back over a clean install of a new system.
OK, my list above
email dns ssh printing antivirus ssh monitoring networked file sharing wifi log-file analysing ad-blocking privacy-measures backups
Every single one of those on my system, except wifi and backups, requires some server to be installed in a bin directory, and to be configured in /etc/ or a subdirectory thereof.
You're right about wifi. One of my backup systems is configured as a particular user, but backs up everything. My other backup systems require software and servers or services installed and are configured in /etc or subdirectories thereof.
"Virtually all the above customisation is on one's home directory and thus doesn't prevent one having an absolutely standard installation. You could do most of the above and just save /home to put back over a clean install of a new system."
I believe for the examples I have given, that that is incorrect.
Almost everyone is going to have installed particular software that may not be installed by default, and almost certainly configured it away from the default settings (e.g. Syncthing). Apache doesn't come preconfigured to run a wiki. Given that it has already been configured to run a wiki, it seems odd to express a desire not to configure it.
Steve