On Sat, Dec 09, 2017 at 09:27:25AM +0000, Huge wrote:
In reality on most home Linux boxes you will have root as the UID that has access to the web server's configuration and www-data (or another non-user UID) that the web server runs as *and* which owns the 'stuff' files.
In fact I don't really see how the web server *can* have a different UID from the 'stuff'; in many situations the web server will create files (e.g. my wiki), and files thus created will be owned by the web server UID. This is essentially my problem: if I could set things so that files created by the web server were owned by some other UID, it would solve my problem.
None of these UIDs should be personal accounts or root.
On a big internet-facing system I agree; however, on a home system without outside access it is IMHO unnecessary.
Why not just Do It Right?
OK, tell me how I set things up so that files created by the web server aren't owned by the web server.
... also tell me how I make things more secure by deviating by a very large amount from the standard distribution configuration. The likelihood of there being an error (which will make security holes) in a 'one man' customisation of a standard setup is considerable.