Is adding users to the group www-data safe on Debian?

Question

Many PHP applications do self-configuration and self-updating. This requires apache to have write access to the PHP files. While chgrp'ing them all to www-data appears like a good practice to avoid making them world writable, I also wish to allow users to create new files and edit existing one.

Is adding users to the group www-data safe on Debian? For example:

775 root www-data /var/www 644 john www-data /var/www/johns_php_application.php 660 john www-data /var/www/johns_php_applications_configuration_file

gravyface · Accepted Answer · 2010-07-26 15:02:07Z

4

I usually create a group called "webdev" and add my web developer user and www-data to the group and give it the appropriate permissions for the site/directory/files, etc.

answered Jul 26, 2010 at 15:02

gravyface

14k19 gold badges73 silver badges102 bronze badges

2

Good idea, i did not think of going the other way around. Adding the httpd to the developer's group is more logical then the developers in the httpd's group. Thank you.

John
– John

2010-07-26 15:37:58 +00:00
Commented Jul 26, 2010 at 15:37

Add a comment |

Kristopher Ives · Accepted Answer · 2010-07-26 14:32:21Z

-1

Why not use mod_userdir?

answered Jul 26, 2010 at 14:32

Kristopher Ives

4041 gold badge5 silver badges14 bronze badges

mod_userdir dont setuid or setgid apache to the user. Files are still not writable unless they are chmod'ed 777.

John
– John

2010-07-26 14:38:15 +00:00
Commented Jul 26, 2010 at 14:38

Add a comment |

Stack Exchange Network

Is adding users to the group www-data safe on Debian?

2 Answers 2

You must log in to answer this question.

Hot Network Questions

Is adding users to the group www-data safe on Debian?

2 Answers 2

You must log in to answer this question.

Related

Hot Network Questions