Fine-tuning access

Daniel A. ldrada at gmail.com
Mon Dec 19 17:37:03 PST 2005


Lately, I've been having an itch to get something cleared up.
I give out free SSH shell accounts to people I know and to people that
I don't know so well, but who ask for it. The basic idea is that they get
an account on a FreeBSD server that has lots of disk space, a decent
CPU, but not such a great internet connection (sadly).

As the happy giver that I am, I also want to provide my users with
web-hosting features.
Mostly everyone knows that some user will at some point want to set up
some kind of PHP+MySQL based web-service, like a bulletin board or a
blog.
When doing so, they need to enter their password and username to the
MySQL server in a config file. For Apache running as the www user to
read this, the file has to be quite insecurely chmodded.

I've thought of a possible solution for this:
Adding the www user to all my users' groups, thus enabling the www user
to read all files chmodded with read permissions for group.
Are there any drawbacks of this solution?
Is there a better solution that I'm not familiar with?

Thanks in advance.
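
The permission states the message describes, as an added example that is not part of the original post: a POSIX sh audit that reports whether each PHP file under a web root is readable by everyone, only by its owner and group (the state the proposed www-in-every-group scheme relies on), or only by its owner. The directory layout, user names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; paths, users and function names are constructed.

# classify_mode FILE -> prints "world", "group" or "owner"
classify_mode() {
    if [ -n "$(find "$1" -perm -004 -print)" ]; then
        echo world   # "other" read bit set: every local account can read it
    elif [ -n "$(find "$1" -perm -040 -print)" ]; then
        echo group   # readable by the owner and every member of the file's group
    else
        echo owner   # readable by the owner only
    fi
}

# audit_webroot DIR -> one "class path" line per PHP file under DIR
audit_webroot() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        printf '%s %s\n' "$(classify_mode "$f")" "$f"
    done
}

# count_world DIR -> number of PHP files any local account can read
count_world() {
    audit_webroot "$1" | grep -c '^world ' || true
}

# Constructed demo tree: three users, three different modes.
demo() {
    d=$(mktemp -d) || return 1
    for u in alice bob carol; do
        mkdir -p "$d/$u/public_html"
        echo '<?php /* constructed sample, no real credentials */' \
            > "$d/$u/public_html/config.php"
    done
    chmod 644 "$d/alice/public_html/config.php"   # world-readable
    chmod 640 "$d/bob/public_html/config.php"     # group-readable only
    chmod 600 "$d/carol/public_html/config.php"   # owner only
    audit_webroot "$d" | sed "s|$d/||"
    echo "world-readable PHP files: $(count_world "$d")"
    rm -rf "$d"
}

demo
```
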


More information about the freebsd-questions mailing list