|
Posted by Niels on 02/09/05 06:42
Jennifer Goodie wrote:
> Should web applications have access to areas on the file system that the
> apache user doesn't? I personally only allow my web applications access
> to certain areas on purpose and set my permissions to accomplish this. If
> I need to be a user other than nobody to do something I don't want my web
> applications doing it. Of course, I work in an environment where I have
> root access to dedicated servers and a sysadmin that listens to what I
> want, so your experience may be different. I admittedly do not have a lot
> of experience getting around the problems caused by shared hosting.
This particular php application manages users and has to update their
passwords, move their files around and more. And it manages hardware also,
with similar problems. And it has to run several scripts and programs that
controls the network. So I need a secure way of doing those things.
And yes, I can get root access or make whatever scheme of permissions and
sudos I want -- or maybe something with Linux security modules, but I don't
really know anything about those. I'm running the program on an intranet on
a dedicated server, but probably with internet access to the application
some time in the future.
So my question is: Is sudo the best solution?
Thanks,
Niels
[Back to original message]
|