From owner-freebsd-questions@FreeBSD.ORG Mon Feb 6 17:37:19 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 803A1106564A for ; Mon, 6 Feb 2012 17:37:19 +0000 (UTC) (envelope-from dick@nagual.nl) Received: from smtpq2.tb.mail.iss.as9143.net (smtpq2.tb.mail.iss.as9143.net [212.54.42.165]) by mx1.freebsd.org (Postfix) with ESMTP id 3C6178FC14 for ; Mon, 6 Feb 2012 17:37:19 +0000 (UTC) Received: from [212.54.42.139] (helo=smtp8.tb.mail.iss.as9143.net) by smtpq2.tb.mail.iss.as9143.net with esmtp (Exim 4.71) (envelope-from ) id 1RuSVB-0001Lp-Sk for freebsd-questions@freebsd.org; Mon, 06 Feb 2012 18:37:17 +0100 Received: from 524944af.cm-4-2b.dynamic.ziggo.nl ([82.73.68.175] helo=mail.nagual.nl) by smtp8.tb.mail.iss.as9143.net with esmtp (Exim 4.71) (envelope-from ) id 1RuSVB-0000op-LF for freebsd-questions@freebsd.org; Mon, 06 Feb 2012 18:37:17 +0100 Received: from [192.168.11.34] (192.168.11.34) by yanta (Axigen) with (CAMELLIA256-SHA encrypted) ESMTPSA id 16DB30; Mon, 6 Feb 2012 18:41:51 +0100 Message-ID: <4F300FCD.8070804@nagual.nl> Date: Mon, 06 Feb 2012 18:37:17 +0100 From: dick User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20120129 Thunderbird/10.0 MIME-Version: 1.0 To: FreeBSD Questions Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AxigenSpam-Level: 4 X-Ziggo-spambar: + X-Ziggo-spamscore: 1.2 X-Ziggo-spamreport: BAYES_05=-0.5, FH_HOST_EQ_D_D_D_D=0.665, HELO_MISC_IP=0.001, KHOP_DYNAMIC=0.001, RDNS_DYNAMIC=0.982, TW_RW=0.077 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No Subject: fbsd safety of the ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Feb 2012 17:37:19 -0000 I'm a bit confused. I always believed FreeBSD is a very safe system. That may be true for the core files, but what about ports. On the net I read _never_ to let the webserver be the owner of its files and yet, ports like Drupal or WordPress make the files rwx for the owner (www) as well as the group (www). How does this fit into fbsd's safety policy? I guess you might say it's the task of the port maintainer, but isn't there some kind of port acceptance policy? Imho this situation is a bit confusing at least ;-) I'd like to get some info on this if possible.