{SOME SNIPPING}
On 09/12/17 10:21, Chris Green wrote:
On Sat, Dec 09, 2017 at 09:27:25AM +0000, Huge wrote:
Why not just Do It Right?
OK, tell me how I set things up so that files created by the web server aren't owned by the web server.
Suggestions previously offered. Also from Apache WIKI https://wiki.apache.org/httpd/FileSystemPermissions
... also tell me how I make things more secure by deviating by a very large amount from the standard distribution configuration. The likelihood of there being an error (which will make security holes) in a 'one man' customisation of a standard set up is considerable.
An analogy. Ubuntu has a default firewall, but it's not shipped in "Enabled" state. It is recommended that you configure & enable it, but they don't do it for you. You have to set up a one man customisation and it makes things more secure.
I have also done a one man customisation of: email dns ssh printing antivirus ssh monitoring networked file sharing wifi log-file analysing ad-blocking privacy-measures backups and probably many more things.
All to try and make things more secure.
It's standard practice.
Steve