Add www-data to group
16,243
You won't break anything, but you might cause a security issue, since anyone accessing the www-data account (php scripts, unpatched, hacked pages, etc.) will get read/write access to everything that the 'devs' group has.
"www-data" already has read access to that folder, try limiting the write access to just the files it really really needs to write to.
Related videos on Youtube
Author by
Leandro Garcia
Hola. Soy un aventurero y explorar el mundo de la WWW.
Updated on September 18, 2022Comments
-
Leandro Garcia almost 2 years
I have a directory with the following details:
drwxrwxr-x 6 root devs 4.0K Sep 9 14:57 project_dev
Now I want
www-data
(Apache daemon) to have an access to this directory, so in my mind I am planning to addwww-data
to group devs. However I fear that I would cause wreckage if I execute this:usermod -a -G devs www-data
Inputs please.
-
Leandro Garcia almost 12 yearsAppreciate your feedback, I'd think of this approach because I'm about to install WebSVN. That
project_dev
is a repository. Any suggestions? -
Choy almost 12 yearsCan't he just change the group to www-data and add the dev group to www-data to give access to www-data and avoid the security risk?
-
mulaz almost 12 years@Choy: yes, that would work too. But then the devs would have access to all the www-data stuff (which is sometimes OK, sometimes not). Maybe a separate group, and adding the www-data and required devs to it?