l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
September 2: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2002 Apr 09 11:56

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Groups and Users?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Groups and Users?



On Tue, Apr 09, 2002 at 11:35:18AM -0700, ALLO (Alfredo Lopez) wrote:
> I have a couple of Bioinformatics applications that are accessed through a
> Web server.  Some of the folders have as the User and Group: root; others
> have:1000 and another set has User:543  Group:63. 
> Why do I have this weird (at least to me) collection of users and groups?  I
> guess that those that have root, have it because I was root when I created
> them, but the others? 

That often happens when software is moved from one system to another via NFS
or tar. On the source system, those user and group numbers are defined, but
on the destination they are not.

> Do I need to change everything to root or something else?  Does it matter?
> Is there a "good practice" rule that I can follow?  I will appreciate any
> insight, links to sites where I can learn more about this, book suggestions
> etc.

Yes, you should change the ownership so that only names users and groups
appear, not numbers.

What to use? It depends on what user and group are used by the web server.
(Consult 'ps aux | grep <daemon name>'.) The best practice (default on
Debian) is to run apache as www-data:www-data.  Then, if files need to be
read by the www server, either mode 555 (files owned by root:root) or mode
550 (files owned by root:www-data) will work.

It is a bad idea for the web files to be owned by the www server's user or
group, because of the principle of "don't grant more permissions to a daemon
than necessary". Similarly if a file must be writable by the www server, use
the minimum permissions: ownership by root:www-data, mode 660.

-- 
Henry House
The attached file is a digital signature. See <http://romana.hajhouse.org/pgp>
for information.  My OpenPGP key: <http://romana.hajhouse.org/hajhouse.asc>.

Attachment: pgp00005.pgp
Description: PGP signature



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!