[pkg-horde] How-to Horde in Debian Wiki

Gregory Colpart reg at evolix.fr
Wed Jul 11 17:29:04 UTC 2007


On Wed, Jul 11, 2007 at 10:21:10AM +0200, Ola Lundqvist wrote:
> I think they are really good. Just one thing that I do not understand
> and that is the following part:
> Secure /etc permissions:
> # chgrp www-data /etc/horde
> # chmod 750 /etc/horde
> Why should the files there be group-owned by www-data? Do you just want
> www-data to be able to read it? If this is the case, should this
> be the default behaviour?

I want www-data to be able to read/enter in /etc/horde/ directory
*but* no read/enter right for all users. In
/usr/share/doc/horde3/README.Debian, there is:

      An additional approach is to make Horde's configuration files owned by
      the user ``root`` and by a group which only the webserver user belongs
      to, and then making them readable only to owner and group.  For example,
      if your webserver runs as ``www-data.www-data``, do as follows::

         chown root.www-data config/*
         chmod 0440 config/*

The command "chgrp www-data /etc/horde && chmod 750 /etc/horde" applies the
same idea and I think it's more easy for secure horde config (backend
passwords, secrete parameters...). You change one time owner group & right
and it's OK for ever, even when you install new Horde modules.
It should probably be the default behaviour.

Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/

More information about the pkg-horde-hackers mailing list