View Single Post
  #8  
Old 16th September 2012, 13:18
tuxfan tuxfan is offline
Junior Member
 
Join Date: Nov 2011
Posts: 19
Thanks: 0
Thanked 4 Times in 2 Posts
Default

That realy depends on how you do it.

Since youre not giving the group www-data write access, any php-injections and so on can not harm the system. Only "user"(in my example) has writing permisions.

We usualy dont give clients shell access - but if we would they would not be a part of the www-data group, so even if they would get out of the root-jail they would not acces the sites controled by "user". A normal ipsconfig account could coexist with such webmaster-controled accounts - and in fact the ownership can be reverted even if it has never been requested.

Of course is the webmasteraccount ("user") a weak point - I admit that. But the alternative is using the root account a lot - and that is even worse - and with proper security routines that should not be a problem.

The permisions updates - I don't find them. I guess they are under "system > server config> my.server -> Webb" - but I dont find such variable.

Last edited by tuxfan; 16th September 2012 at 18:46.
Reply With Quote