[vox-tech] Groups and Users?

Henry House vox-tech@lists.lugod.org
Tue, 9 Apr 2002 11:54:09 -0700


On Tue, Apr 09, 2002 at 11:35:18AM -0700, ALLO (Alfredo Lopez) wrote:
> I have a couple of Bioinformatics applications that are accessed through a
> Web server.  Some of the folders have as the User and Group: root; others
> have:1000 and another set has User:543  Group:63.
> Why do I have this weird (at least to me) collection of users and groups?  I
> guess that those that have root, have it because I was root when I created
> them, but the others?

That often happens when software is moved from one system to another via NFS
or tar. On the source system, those user and group numbers are defined, but
on the destination they are not.

> Do I need to change everything to root or something else?  Does it matter?
> Is there a "good practice" rule that I can follow?  I will appreciate any
> insight, links to sites where I can learn more about this, book suggestions
> etc.

Yes, you should change the ownership so that only named users and groups
appear, not numbers.

What to use? It depends on what user and group are used by the web server.
(Consult 'ps aux | grep <daemon name>'.) The best practice (default on
Debian) is to run apache as www-data:www-data.  Then, if files need to be
read by the www server, either mode 555 (files owned by root:root) or mode
550 (files owned by root:www-data) will work.

It is a bad idea for the web files to be owned by the www server's user or
group, because of the principle of "don't grant more permissions to a daemon
than necessary". Similarly if a file must be writable by the www server, use
the minimum permissions: ownership by root:www-data, mode 660.

-- 
Henry House
The attached file is a digital signature. See <http://romana.hajhouse.org/pgp>
for information.  My OpenPGP key: <http://romana.hajhouse.org/hajhouse.asc>.
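
The checks described in the message above, as an added example that is not part of the original post: a shell function that lists files with unnamed numeric owners, files owned by the web server's own account, and files writable by "other". The name audit_web_tree and the finding labels are made up for this example, and it assumes a find that supports -nouser and -nogroup (GNU or BSD).

```sh
#!/bin/sh
# Added example, not from the original post.
# usage: audit_web_tree DIR WEB_USER
#   DIR       web tree to check
#   WEB_USER  account the web server runs as (name or numeric uid)
# Prints "<FINDING> <path>" lines; returns 1 if anything was found, else 0.
audit_web_tree() {
    dir=$1
    web_user=$2

    findings=$(
        # Numeric-only ownership: the uid or gid has no entry in the passwd
        # or group database (typical after a tar or NFS copy).
        find "$dir" \( -nouser -o -nogroup \) \
            -exec printf 'ORPHAN-ID %s\n' {} +

        # Owned by the daemon's own account: the server could chmod or
        # rewrite these files itself.
        find "$dir" -user "$web_user" \
            -exec printf 'DAEMON-OWNED %s\n' {} +

        # Writable by "other": none of the modes 555, 550 or 660 allow this.
        # Symlinks are skipped because their own mode bits are not enforced.
        find "$dir" ! -type l -perm -0002 \
            -exec printf 'OTHER-WRITABLE %s\n' {} +
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# When run as a script with two arguments, audit that tree, for example:
#   sh audit.sh /var/www www-data     (path and account are examples)
if [ "$#" -eq 2 ]; then
    audit_web_tree "$1" "$2"
fi
```

Group ownership by the web server's group is not reported, since root:www-data with mode 550 or 660 is the layout the message recommends.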
