nginx question...

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

nginx question...

Worik Stanton
Summary:

The files under /var/www/htdocs are by default it seems all owned by
root:wheel.  What are the issues with changing that to be a normal user?

The long version....

My work flow involves building a directory structure on another machine
and using 'rsync' when I am ready to transfer it to the OpenBSD machine
to be served by the public facing webserver.

Having the files owned by a user other than the one I log in as for a
rsync session is causing all sorts of headaches and warnings from rsync.

So I have changed the ownership of all the files and directories to be
foo:foo where 'foo' is the user/group name I login as.  This makes my
life much simpler.  But I have a nagging doubt that I am doing some
thing I will regret.

Perhaps I need to use rsync differently or modify my workflow....

Worik
--
Why is the legal status of chardonnay different to that of cannabis?
       [hidden email] 021-1680650, (03) 4821804
                          Aotearoa (New Zealand)
                             I voted for love

Reply | Threaded
Open this post in threaded view
|

Re: nginx question...

Fred
On 01/19/15 22:25, worik wrote:

> Summary:
>
> The files under /var/www/htdocs are by default it seems all owned by
> root:wheel.  What are the issues with changing that to be a normal user?
>
> The long version....
>
> My work flow involves building a directory structure on another machine
> and using 'rsync' when I am ready to transfer it to the OpenBSD machine
> to be served by the public facing webserver.
>
> Having the files owned by a user other than the one I log in as for a
> rsync session is causing all sorts of headaches and warnings from rsync.
>
> So I have changed the ownership of all the files and directories to be
> foo:foo where 'foo' is the user/group name I login as.  This makes my
> life much simpler.  But I have a nagging doubt that I am doing some
> thing I will regret.
>
> Perhaps I need to use rsync differently or modify my workflow....
>
> Worik
>

rsync [OPTION...] SRC... rsync://user@[WEBSERVER]/var/www/htdocs

should allow you to set the user on the webserver - what errors are you
getting?

nginx runs chrooted by default, which should limit exploits.

I also chmod 644 or 640 if I'm feeling more paranoid all the files below
/var/www/htdocs - although the files are in group www.

hth

Fred

Reply | Threaded
Open this post in threaded view
|

Re: nginx question...

Alexander Hall
In reply to this post by Worik Stanton
On 01/19/15 23:25, worik wrote:

> Summary:
>
> The files under /var/www/htdocs are by default it seems all owned by
> root:wheel.  What are the issues with changing that to be a normal user?
>
> The long version....
>
> My work flow involves building a directory structure on another machine
> and using 'rsync' when I am ready to transfer it to the OpenBSD machine
> to be served by the public facing webserver.
>
> Having the files owned by a user other than the one I log in as for a
> rsync session is causing all sorts of headaches and warnings from rsync.
>
> So I have changed the ownership of all the files and directories to be
> foo:foo where 'foo' is the user/group name I login as.  This makes my
> life much simpler.  But I have a nagging doubt that I am doing some
> thing I will regret.

As long as the files are not modifiable by the webserver, you should be
fine.

Now and then I create user:user directories somewhere under /var/www/...
and create a symlink to it from ~user/www.

/Alexander

>
> Perhaps I need to use rsync differently or modify my workflow....
>
> Worik