[SATLUG] WordPress / Apache problem on Ubuntu

Daniel J. Givens daniel at rugmonster.org
Wed Jan 19 18:44:13 CST 2011


On 1/19/2011 4:08 PM, Josh Lavin wrote:
> Most servers running PHP do so with some sort of set-user jail, so
> that the PHP pages can be owned by their own user.

Huh? Since when? I've been managing thousands of web servers (literally) 
running PHP and that scenario is hardly ever used.

> You should look at
> suPHP, or else have a separate instance of Apache/PHP for your user
> and set the User/Group directives to that user (but let root own
> Apache itself).

If you're setting up a big shared environment, I could see this. 
However, running multiple Apache instances would require a separate IP 
for each site. If there's no need for SSL, then that is just wasting 
precious resources. If you were really wanting to do user separation, 
you could use php-cgi under FastCGI, each one running as the respective 
user, or use something like httpd-itk.

Either way, I don't want to give my web server any unnecessary write 
access because one missed update could turn your box into a spambot, 
phishing site, or any other thing. And no, you don't need root 
privileges to do that.

> You will find that any other scenario will prevent the WordPress
> automatic update function.

Incorrect. The wordpress auto update uses FTP. That user only needs 
write access. Not the user the web server is running as. See my previous 
reply on what is generally accepted as the best practice for most 
use-cases, at least among my peers.

Sorry to sound flippant.

Daniel


More information about the SATLUG mailing list