简体繁体 English

www”中所有文件的所有者是用户www-data

[英]Force owner of all files in the folder “/var/www” are user www-data

原文 2014-01-30 20:09:55 7 1 php/ apache/ debian/ sftp/ chmod

I have a dedicated server, installed with Debian, Apache and PHP installed using "sudo apt-get install php5 php5-curl" command. 我有一个专用服务器，使用“ sudo apt-get install php5 php5-curl”命令安装了Debian，Apache和PHP。

You can force all created files in folder and sub-directories are always user www-data? 您可以强制文件夹和子目录中的所有已创建文件始终是用户www-data吗？

If I log into sftp and I send it to a file on FTP, it is always as root, because I'm logged in as root, it is also possible to change, for example, I want to send the file to the server logged in as root but it is his owner www-data? 如果我登录sftp并将其发送到FTP上的文件，则该文件始终以root用户身份登录，因为我以root用户身份登录，因此也可以更改，例如，我要将文件发送至已登录的服务器作为根，但它是他的所有者www-data？

1 个解决方案

Having all files under www-data being owned by the web server - assuming write permissions by default - is dangerous, as a bug in a script or the web server itself could lead to source code injection. 将www-data下的所有文件都由Web服务器拥有（默认情况下假设具有写权限）是危险的，因为脚本或Web服务器本身中的错误可能导致源代码注入。

The files under /var/www shouldn't be owned by the web server unless a certain web application really needs write access to a folder. 除非某个Web应用程序确实需要对文件夹的写访问权，否则/var/www下的文件不应归Web服务器所有。

Even then and especially in a shared hosting environment there are better solutions than making the web server owner of such directories because this would allow every other PHP script - started by the web server - to write into that directory. 即使到那时，尤其是在共享托管环境中，也比使Web服务器拥有此类目录更好的解决方案，因为这将允许由Web服务器启动的所有其他PHP脚本写入该目录。