fbsd safety of the ports
Mark Felder
feld at feld.me
Mon Feb 6 17:46:30 UTC 2012
On Mon, 06 Feb 2012 11:37:17 -0600, <dick at nagual.nl> wrote:
> I'm a bit confused. I always believed FreeBSD is a very safe system.
> That may be true for the core files, but what about ports.
> On the net I read _never_ to let the webserver be the owner of its
> files and yet, ports like Drupal or WordPress make the files rwx for the
> owner (www) as well as the group (www). How does this fit into fbsd's
> safety policy?
> I guess you might say it's the task of the port maintainer, but isn't
> there some kind of port acceptance policy?
> IMHO this situation is a bit confusing; at least I'd like to get some
> info on this if possible.
In my opinion it's up to the admin to make sure the sites they host are
set up with proper permissions. If you haven't run into it yet I'd be
surprised -- WordPress/Joomla/etc seem to throw a fit when you don't give
them full write access to certain directories (for caching and whatnot)
and if you don't have them update via the FTP method they require write
access everywhere. This is excluding weird add-ons and plugins that want
write access everywhere as well, which I've seen many times.

Securing a CMS properly is harder than it should be. Sometimes I feel the
safest way would be to run two copies of the site: one that's read-only
(including database read only perms) and another that you use for
managing, updating, etc.

However, now you've alienated anyone from ever being able to comment on
your blog.......

Security, Low Difficulty, Functionality -- pick two.
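
The permission question raised in this thread can be checked mechanically. The sh function below is an added example, not part of the original message or of any port: it lists every path under a site's document root that the web server account can modify, except directories the admin names as intentionally writable. The account names and paths in its usage comment are assumptions.

```sh
#!/bin/sh
# audit_webroot ROOT WEB_USER WEB_GROUP [WRITABLE_DIR ...]
#
# Prints every path under ROOT that the web server account can modify:
#   - owned by WEB_USER with the owner write bit set, or
#   - group WEB_GROUP with the group write bit set, or
#   - world-writable.
# WRITABLE_DIR arguments (relative to ROOT) name directories that are meant
# to be writable, such as a cache or upload directory; they are not reported.
audit_webroot() {
    root=${1%/}
    web_user=$2
    web_group=$3
    shift 3    # "$@" now holds only the intentionally writable directories

    # Symlinks are skipped: their own mode bits are not meaningful.
    find "$root" ! -type l \( \
            \( -user "$web_user" -perm -200 \) -o \
            \( -group "$web_group" -perm -020 \) -o \
            -perm -002 \
        \) -print |
    while IFS= read -r path; do
        allowed=0
        for dir in "$@"; do
            case $path in
                "$root/$dir" | "$root/$dir"/*) allowed=1 ;;
            esac
        done
        [ "$allowed" -eq 1 ] || printf '%s\n' "$path"
    done
}

# Usage (account names and paths are assumptions, adjust to the site):
#   audit_webroot /usr/local/www/wordpress www www wp-content/uploads
if [ "$#" -ge 3 ]; then
    audit_webroot "$@"
fi
```

An empty result means the web server account can write only inside the directories that were listed on purpose.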