updating a drupal site

List overview All Threads
Download

newer

older

Drupal 7 and Page Caching

this code wrecks my site

Dick Hoogendijk

9 Jan 2012 9 Jan '12

3:32 p.m.

If I install the FreeBSD port of drupal all my files are owned by the user the webserver is running under (www). This way Drupal is very capable of updating/installing new core and/or modules.

My question is: is it save(!) to have the files owned by *the user under which your Apache server executes? *

Attachments:

attachment.html (text/html — 525 bytes)

Show replies by date

Jarry

9 Jan 9 Jan

5:15 p.m.

On 09-Jan-12 16:32, Dick Hoogendijk wrote:

...

If I install the FreeBSD port of drupal all my files are owned by the user the webserver is running under (www). This way Drupal is very capable of updating/installing new core and/or modules.

My question is: is it save(!) to have the files owned by the user under which your Apache server executes?

You probably mean "safe"? Personally, the first thing I do after downloading and unpacking new module is $ sudo chown -R root:root <dir> Of course, you'd need shell account, and even root-password.

I do not give users higher access-rights than what they really need. And web-server does not need to be owner of these files (now talking about core and modules)...

Jarry

-- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.

Mukesh Agarwal

5:28 p.m.

http://drupal.org/node/244924 -- is a very helpful resource for securing file permissions.

On Mon, Jan 9, 2012 at 10:45 PM, Jarry mr.jarry@gmail.com wrote:

...

On 09-Jan-12 16:32, Dick Hoogendijk wrote:

...
If I install the FreeBSD port of drupal all my files are owned by the user the webserver is running under (www). This way Drupal is very capable of updating/installing new core and/or modules.

My question is: is it save(!) to have the files owned by the user under which your Apache server executes?

You probably mean "safe"? Personally, the first thing I do after downloading and unpacking new module is $ sudo chown -R root:root <dir> Of course, you'd need shell account, and even root-password.

I do not give users higher access-rights than what they really need. And web-server does not need to be owner of these files (now talking about core and modules)...

Jarry

This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. -- [ Drupal support list | http://lists.drupal.org/ ]

-- Cheers, Mukesh Agarwal ________________________________ Innoraft Solutions http://www.innoraft.com || +91 8017220799

5160

Age (days ago)

5160

Last active (days ago)

support@drupal.org

2 comments

3 participants

tags (0)

participants (3)

Dick Hoogendijk
Jarry
Mukesh Agarwal