Date:      Mon, 6 Feb 2012 11:46:17 -0600
From:      Mark Felder <feld@feld.me>
To:        freebsd-questions@freebsd.org
Subject:   Re: fbsd safety of the ports
Message-ID:  <op.v89qbfem34t2sn@tech304>
In-Reply-To: <4F300FCD.8070804@nagual.nl>
References:  <4F300FCD.8070804@nagual.nl>

On Mon, 06 Feb 2012 11:37:17 -0600, <dick@nagual.nl> wrote:

> I'm a bit confused. I always believed FreeBSD is a very safe system.
> That may be true for the core files, but what about ports?
> On the net I read _never_ to let the webserver be the owner of its
> files and yet, ports like Drupal or WordPress make the files rwx for the
> owner (www) as well as the group (www). How does this fit into fbsd's
> safety policy?
> I guess you might say it's the task of the port maintainer, but isn't
> there some kind of port acceptance policy?
> Imho this situation is a bit confusing; at least I'd like to get some
> info on this if possible.

In my opinion it's up to the admin to make sure the sites they host are
set up with proper permissions. If you haven't run into it yet I'd be
surprised -- WordPress/Joomla/etc seem to throw a fit when you don't give
them full write access to certain directories (for caching and whatnot)
and if you don't have them update via the FTP method they require write
access everywhere. This is excluding weird add-ons and plugins that want
write access everywhere as well, which I've seen many times.

Securing a CMS properly is harder than it should be. Sometimes I feel the  
safest way would be to run two copies of the site: one that's read-only  
(including database read only perms) and another that you use for  
managing, updating, etc.

However, now you've alienated anyone from ever being able to comment on  
your blog.......

Security, Low Difficulty, Functionality -- pick two.
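
A permission audit for the situation discussed in this thread, added here as an example and not part of the original message: it lists everything under a document root that the web server account can modify, outside the directories an admin has deliberately left writable. The function name, the argument order and the sample paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message).
# audit_docroot ROOT WEBUSER WEBGROUP [ALLOWED_SUBDIR ...]
# Lists files and directories under ROOT that the web server account can
# modify: owned by WEBUSER with the owner-write bit, in WEBGROUP with the
# group-write bit, or world-writable. Paths inside an ALLOWED_SUBDIR
# (relative to ROOT, e.g. a cache or upload directory) are not reported.
# Assumes path names contain no newlines.
audit_docroot() {
    root=${1%/}; user=$2; group=$3
    shift 3
    find "$root" \( -type f -o -type d \) \( \
            \( -user "$user" -perm -0200 \) -o \
            \( -group "$group" -perm -0020 \) -o \
            -perm -0002 \) -print |
    while IFS= read -r path; do
        # Report paths relative to ROOT; ROOT itself is shown as "."
        if [ "$path" = "$root" ]; then rel=.; else rel=${path#"$root"/}; fi
        skip=0
        for allowed in "$@"; do
            case $rel in
                "$allowed"|"$allowed"/*) skip=1 ;;
            esac
        done
        [ "$skip" -eq 1 ] || printf '%s\n' "$rel"
    done
}

# Usage (paths are assumptions):
#   sh audit.sh /path/to/docroot www www wp-content/uploads
if [ "$#" -ge 3 ]; then
    audit_docroot "$@"
fi
```

An empty result means the web server account can write only inside the allowlisted directories.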


