Greg Wooledge wrote on 23-12-2016 14:07:
On Fri, Dec 23, 2016 at 01:17:23AM +0100, Xen wrote:
Life becomes a whole lot easier if you can do stuff with your regular
user, which is why I am putting stuff in my user home directory in the
first place, instead of some central location.

Making your life easier should NOT be your #1 priority when talking
about a public web server, especially if PHP is involved in any way.
Security should be at least somewhere near the top of the list.

You want to minimize the damage that an attacker can do when (not if)
your Apache+PHP stack gets compromised by yet another PHP vulnerability.

Trust me, any sane webhost that has websites running under user accounts would put those websites in user directories. There is no point in putting it in any other location at all because the safety of the webserver (instance) is a separate concern from the location and access rights of some user files. Typically for a webserver (and I am running this in an LXC instance with pretty much nothing else) the only files that could ever be at risk are the user's files.

Especially after I get this container to run unprivileged, I don't think that there is a reason to think that web-files owned by www-data are less at risk or less risky than web-files owned by your average user account.

So yes, I think that having an enclosed space in which you can feel at home, not have to worry about anything, and no files exist in that space other than those of your unprivileged user, IS the number one priority.

And well, as Nicholas says.

Most web-applications will also warn you about write access. They tell you to get them write access for a single file, and then to remove it when they are done.

Yes that means not running the server as your regular user I guess, but that is the model of this system: the webserver doesn't run as your regular user because normally it would serve many such users. I don't know how you would solve that if you really ran a web-host but adding users to www-data so they can chgrp and chmod would solve that problem just like now right.

Thank you, the other user, for the hint on forwarding port 80 to something else. But if I have my unprivileged container that is also almost the same thing right.

So I guess actually running the webserver as my regular user would be a bad idea (it is kinda hard in a certain sense to remove write access from your own files to your own user) but this comes close, so yeah, I guess the problem is already solved.

So thank you for your answers, please.
