2013/12/24 Reco <recovery...@gmail.com> > Hi. > > On Tue, 24 Dec 2013 09:59:39 +0100 > Raffaele Morelli <raffaele.more...@gmail.com> wrote: > > Yes, I missed this point. > > > > BTW, as I don't want to rewrite someone else system security rules, let's > > say that: MY best practice is to have www-data or any other NON-root user > > as the scripts owner. > > So, basically you're allowing any php script to rewrite any php script > with an arbitrary contents. An interesting policy, to say the least.
I usually use NON-root users the webcontent belongs to (eg. for drupal, joomla devs) and use SELinux policies, but yes, as default I use www-data user. I just keep care on what the script is going to do. /r
