From owner-freebsd-questions@FreeBSD.ORG Tue Feb 7 22:42:34 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7ADCE106567C for ; Tue, 7 Feb 2012 22:42:34 +0000 (UTC) (envelope-from gull@gull.us) Received: from mail-we0-f182.google.com (mail-we0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 1C9D48FC14 for ; Tue, 7 Feb 2012 22:42:33 +0000 (UTC) Received: by werm13 with SMTP id m13so8579965wer.13 for ; Tue, 07 Feb 2012 14:42:33 -0800 (PST) MIME-Version: 1.0 Received: by 10.180.101.37 with SMTP id fd5mr7806627wib.1.1328652928818; Tue, 07 Feb 2012 14:15:28 -0800 (PST) Received: by 10.180.88.130 with HTTP; Tue, 7 Feb 2012 14:15:28 -0800 (PST) X-Originating-IP: [76.104.147.221] In-Reply-To: <4F300FCD.8070804@nagual.nl> References: <4F300FCD.8070804@nagual.nl> Date: Tue, 7 Feb 2012 14:15:28 -0800 Message-ID: From: David Brodbeck To: FreeBSD Questions Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQmT+nRKsfm2xdCZe6fySgACAsYgfHE0/47+CsWThzD1asQz5OZ2Kg/Owamwh8sRmdFT9mbC Subject: Re: fbsd safety of the ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Feb 2012 22:42:34 -0000 On Mon, Feb 6, 2012 at 9:37 AM, dick wrote: > I'm a bit confused. I always believed FreeBSD is a very safe system. That > may be true for the core files, but what about ports. > > On the net I read _never_ to let the webserver be the owner of its files and > yet, ports like Drupal or WordPress make the files rwx for the owner (www) > as well as the group (www). How does this fit into fbsd's safety policy? Content management systems are a bit of a sticky wicket for security. The reason for not allowing the web server user to own files is so that someone who hacks a web app can't modify the site contents. But the whole reason for running a CMS system is to allow modifying the site contents via a web app. One compromise, used by TWiki and some other systems, is to make the content writable by web processes but the actual code read-only. That's more secure but it requires a lot of manual intervention for updates and configuration changes. You *can* run WordPress this way, and it will be more secure, but you'll lose the automated update functionality as well as most of the web GUI configuration capability. Not necessarily a problem if you have good command line fu, but it can get tedious.