[pkg-horde] How-to Horde in Debian Wiki
Gregory Colpart
reg at evolix.fr
Wed Jul 11 17:29:04 UTC 2007
Hi,
On Wed, Jul 11, 2007 at 10:21:10AM +0200, Ola Lundqvist wrote:
>
> I think they are really good. Just one thing that I do not understand
> and that is the following part:
>
> Secure /etc permissions:
>
> # chgrp www-data /etc/horde
> # chmod 750 /etc/horde
>
> Why should the files there be group-owned by www-data? Do you just want
> www-data to be able to read it? If this is the case, should this
> be the default behaviour?
I want www-data to be able to read/enter the /etc/horde/ directory
*but* no read/enter rights for all users. In
/usr/share/doc/horde3/README.Debian, there is:
8<----------------------------------------------------------------------------
An additional approach is to make Horde's configuration files owned by
the user ``root`` and by a group which only the webserver user belongs
to, and then making them readable only to owner and group. For example,
if your webserver runs as ``www-data.www-data``, do as follows::

    chown root.www-data config/*
    chmod 0440 config/*
8<----------------------------------------------------------------------------
The command "chgrp www-data /etc/horde && chmod 750 /etc/horde" applies the
same idea and I think it's easier for securing the Horde config (backend
passwords, secret parameters...). You change the owner group & rights one time
and it's OK forever, even when you install new Horde modules.
It should probably be the default behaviour.
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
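
An added example, not part of the original message or of the Horde package: a shell audit of the argument above, that a 750 directory keeps later-installed files away from other users even when the files themselves are world-readable. The function name audit_conf_dir, the temporary directory standing in for /etc/horde and the file conf.php are assumptions for illustration; it needs GNU stat and find.

```shell
#!/bin/sh
# Added example. Requires GNU stat and find (Debian coreutils/findutils).

# audit_conf_dir DIR GROUP
# Returns 0 when DIR is group-owned by GROUP and closed to other users,
# 1 otherwise, 2 if DIR cannot be examined. Prints one line per finding.
audit_conf_dir() {
    local dir want mode group other label status
    dir=$1; want=$2; status=0
    mode=$(stat -c '%a' "$dir") || return 2
    group=$(stat -c '%G' "$dir")
    other=$(( 0$mode & 7 ))            # permission bits for "other"

    if [ "$group" != "$want" ]; then
        echo "FAIL $dir: group is $group, expected $want"
        status=1
    fi
    if [ "$other" -ne 0 ]; then
        echo "FAIL $dir: mode $mode gives other users access"
        status=1
    fi
    # A world-readable file is only reachable if the directory lets other
    # users traverse it (x bit); with 750 the directory shields it.
    if [ $(( other & 1 )) -ne 0 ]; then label=EXPOSED; else label=shielded; fi
    find "$dir" -type f -perm -004 -exec echo "$label" {} \;
    return "$status"
}

# Constructed demo: a temporary directory stands in for /etc/horde and its
# current group stands in for www-data (chgrp to www-data needs root).
demo() {
    local d g
    d=$(mktemp -d) || return 1
    g=$(stat -c '%G' "$d")
    chmod 750 "$d"
    # Simulate a config file dropped in later with default 644 permissions.
    touch "$d/conf.php"; chmod 644 "$d/conf.php"
    echo "== 750 =="; audit_conf_dir "$d" "$g" || true
    chmod 755 "$d"
    echo "== 755 =="; audit_conf_dir "$d" "$g" || true
    rm -rf "$d"
}
demo
```

On a real system the call would be `audit_conf_dir /etc/horde www-data`, run as root so the directory can be read.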