So far, every time I was setting up an Apache server I was adding a user to the www-data group, changing ownership of the /var/www directory to this group, and finally setting SGID on the whole directory. This time I have to set up another web server with much more serious stuff (our company's Project Manager), and as I've seen, this approach is criticized over the internet. For example here:
As you can see, the user KAMIL is advising the same approach I was using, and THOMASRUTTER calls this solution malicious. However, THOMASRUTTER's solution is, in my opinion, too strict, as the ftp user won't be able to change ownership of some directories to the www-data group.
I also found another approach based on BINDFS, which I found here: http://ift.tt/2jknyTh
So what would be the best solution to secure the server if:
- there will be only one site on it
- there will be only one (ftp) user which will change its code
- the site has some upload form for files, and creates its own directories
- the server will be secured by OVPN from outside but also has to be secure enough from inside.