turtles Veteran
Joined: 31 Dec 2004 Posts: 1698
Posted: Fri Feb 03, 2023 2:36 am Post subject: ownership of webapp directories
Greetings group,
I have a few webservers set up with the ownership of webapp directories under "/var/www/localhost/htdocs" as root.
Over the years of doing development work I have had to do tricks to get my X applications to run as root when I do development and testing.
Now I am running into an issue with kdiff3 crashing if I run a git merge as root.
It has just occurred to me that there might not be any reason for the root ownership.
I can't think of any reason a perl / php / javascript / rails etc. whatever web app would need to run as root, or have files protected by root ownership?
Sure, the config files in /etc are root owned.
Any thoughts on this from the Gentoo security gurus?
Thanks in advance
_________________
Donate to Gentoo
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9890 Location: almost Mile High in the USA
Posted: Fri Feb 03, 2023 3:36 am
There shouldn't be a reason that any web app needs to be accessed as root; it just needs to be accessible by apache, which has its own unprivileged user.
However, what does the script need to ultimately do? Does that need root access...
Ideally the application should be owned by something other than apache if possible, just so that if apache gets compromised, it doesn't have the rights to break into your script.
Do keep in mind whenever you switch users, you do need root access as switch user requires root access - so that may be part of the issue.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
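Added example, not part of the thread: a small POSIX shell audit of the ownership layout described in the reply above (application files owned by neither root nor the web server's user). The `apache` user name default and the function names are assumptions, and the world-writable check goes beyond what the thread states.

```shell
#!/bin/sh
# Added example: audit a webapp tree for the ownership problems discussed above.
# Assumptions (not from the thread): the web server runs as user "apache";
# function names are illustrative.

# audit_docroot DOCROOT [WEB_USER]
# Prints one "FINDING<TAB>path" line per problem:
#   ROOT_OWNED      developers need root just to edit or merge files
#   WEBUSER_OWNED   a compromised server process could rewrite the app
#   WORLD_WRITABLE  writable by the server user whoever owns the file
audit_docroot() {
    docroot=$1
    web_user=${2:-apache}

    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }

    # Symlinks are skipped: their own mode bits are not meaningful.
    find "$docroot" ! -type l -user root \
        -exec printf 'ROOT_OWNED\t%s\n' {} \;
    find "$docroot" ! -type l -user "$web_user" \
        -exec printf 'WEBUSER_OWNED\t%s\n' {} \;
    find "$docroot" ! -type l -perm -0002 \
        -exec printf 'WORLD_WRITABLE\t%s\n' {} \;
}

# count_findings DOCROOT [WEB_USER]: number of findings on stdout
count_findings() {
    audit_docroot "$@" | wc -l | tr -d ' '
}

# Run as a script: sh audit.sh /var/www/localhost/htdocs apache
if [ "$#" -gt 0 ]; then
    audit_docroot "$@"
fi
```

An empty result means every file is owned by an account other than root or the server user and none is world-writable; the server still needs read access through group or other permissions.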
turtles Veteran
Joined: 31 Dec 2004 Posts: 1698
Posted: Sat Feb 04, 2023 11:44 pm
eccerr0r wrote:
> There shouldn't be a reason that any web app needs to be accessed as root; it just needs to be accessible by apache, which has its own unprivileged user.
> However, what does the script need to ultimately do? Does that need root access...
> Ideally the application should be owned by something other than apache if possible, just so that if apache gets compromised, it doesn't have the rights to break into your script.
> Do keep in mind whenever you switch users, you do need root access as switch user requires root access - so that may be part of the issue.

Thanks for the feedback, I can confirm it works and now I am no longer running kde / xorg apps as root.
I think the reason I used to keep it as root is our former version control system before git messed with permissions.
_________________
Donate to Gentoo