On Sat, Dec 09, 2017 at 10:33:35PM +0000, steve-ALUG@hst.me.uk wrote:
On 09/12/17 21:22, Chris Green wrote:
On Sat, Dec 09, 2017 at 06:32:40PM +0000, steve-ALUG@hst.me.uk wrote:
{SOME SNIPPING}
On 09/12/17 10:21, Chris Green wrote:
On Sat, Dec 09, 2017 at 09:27:25AM +0000, Huge wrote:
Why not just Do It Right?
OK, tell me how I set things up so that files created by the web server aren't owned by the web server.
Suggestions previously offered. Also from Apache WIKI https://wiki.apache.org/httpd/FileSystemPermissions
Read that carefully, it *doesn't* do what you suggest.
I believe the "suggestions previously offered" go some way to doing what you want. The link was merely an "also" which more-or-less confirms what "Huge" was saying.
It doesn't *work*! As it says "Because the group "web-content" is applied to all the files and directories, httpd can read these files, but cannot write to them." it means that things like wikis won't work as the httpd (well apache2) processes need to be able to write to the web content areas. Surely that same applies to blogs as well if you can update them from the web.
Virtually all the above customisation is on one's home directory and thus doesn't prevent one having an absolutely standard installation. You could do most of the above and just save /home to put back over a clean install of a new system. "
I believe for the examples I have given, that that is incorrect.
It depends how you do it! :-)
My backups *are* done by root with custmisation in /etc (i.e. adding a file to /etc/cron.daily) but that's about it as regards extras in /etc.
My dns 'customisation' is in a Raspberry Pi which I suppose you could regard as 'root' but it's so small that it all fits on a 2Gb stick and hence is trivial to keep backed up.
Apart from these, partly because I *do* try very hard not to customise my system in a way that will break on upgrade/re-install, just about everything else is in /home.