DigitalOcean image uses www-data:www-data instead of nobody:nogroup
- Thread starter gilles
- Start date
- Tags digitalocean group user user permissions virtual host template
Hi,
I am not sure if nobody is really recommended , it maybe for static files, but definitely not for PHP scripts
imagine you have 10 sites on "nobody" , 1 site compromise will endanger other 9 , attacker will be able to read the files , that includes like wp-config.php that contains database info.
and if you have 10 sites on 10 different users , then 1 compromised , other 9 will be remain inaccessible to that compromised user , ideally , if you have permission correctly set up.
refer: https://forums.cpanel.net/threads/nobody-ownership-and-security-problems.74670/
you mean use template to create multiple vhosts on different users ?
you can set vhost name as the user name , then use $VH_NAME in suEXEC User/Group in security tab or external app tab "Run as "
I am not sure if nobody is really recommended , it maybe for static files, but definitely not for PHP scripts
imagine you have 10 sites on "nobody" , 1 site compromise will endanger other 9 , attacker will be able to read the files , that includes like wp-config.php that contains database info.
and if you have 10 sites on 10 different users , then 1 compromised , other 9 will be remain inaccessible to that compromised user , ideally , if you have permission correctly set up.
refer: https://forums.cpanel.net/threads/nobody-ownership-and-security-problems.74670/
you mean use template to create multiple vhosts on different users ?
you can set vhost name as the user name , then use $VH_NAME in suEXEC User/Group in security tab or external app tab "Run as "
The recommendation is written in the help bubble for "Running As" in OLS webadmin panel. It says at the end: "A user/group of nobody is generally a good choice."
>> you mean use template to create multiple vhosts on different users ?
Yes
>> you can set vhost name as the user name , then use $VH_NAME in suEXEC User/Group in security tab or external app tab "Run as "
Thanks for this tip.
>> you mean use template to create multiple vhosts on different users ?
Yes
>> you can set vhost name as the user name , then use $VH_NAME in suEXEC User/Group in security tab or external app tab "Run as "
Thanks for this tip.
yes, that's exactly what I meant nobody is good for static files.
Ideally, you make static files readable by nobody, but php script only on specific user like www-data
When you have multiple sites, like a shared hosting, better to set up that way.
But OLS image was designed as single site server, so www-data for its files and process
Ideally, you make static files readable by nobody, but php script only on specific user like www-data
When you have multiple sites, like a shared hosting, better to set up that way.
But OLS image was designed as single site server, so www-data for its files and process