[Gllug] (no subject)

Jack Bertram jack at jbertram.net
Mon Feb 10 18:43:06 UTC 2003


* Dylan <dylan at dylan.me.uk> [030210 18:36]:
> I'd like to give a user write access to the /srv/www/ directory (on his local 
> machine) so he can easily test local web pages. I figure I can create a 
> group, give the user membership, and change the group of the directory 
> accordingly.

You could do this, yes.  If I were you, I'd give him a home directory
which he can access using the url http://localhost/~user.  If you're
using Apache, this is simple - see mod_userdir.

However, to answer your questions:

> 
> A) Will I also have to make root a member of that group?

You might as well.


> B) Would this create a security loophole?

No, if this is a new group with access to nothing else on the system.
However, I'd keep the user's access to a subdirectory of his home
directory rather than giving him access to files outside it, if I were
you.  It makes things easier to manage.  Plus it reduces changes if you
want to do the same for other users.

> C) Is this what the www group is for?

The www group (and www user) are usually created so that the web server
does not have to run as root, but runs as www.  (It starts as root,
binds port 80 then releases privileges).  Thus, to serve web pages, the
web pages need to be readable by www.  You can use it for what you're
talking about, but a more portable and cleaner solution is what I've
suggested.  IMO, anyway.

jack

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list