ServerID, user directory, permissions and such

Ron Jones
13 October 2012, 10:28
I recently discovered Hiawatha, after searching for something light, fast, and secure to upgrade to from Apache. This is a very nice bit of software, and I think I'll be happy with it.

So far, I've only come across one hiccup that I can't figure out with Google: I prefer to designate a single user without sudo privileges (Ubuntu 12.04 LTS) as the web administrator. In my case it's the user 'webadmin,' with a WebsiteRoot = /home/webadmin/public_html/www

I noticed that during a CMS install, the software wanted me to enable write privileges on a directory. Whereupon it used the ServerID of www-data:www-data (the default from hiawatha.conf) to write files to said directory.

If I plan to use that single user (webadmin) as the only user under which any websites will be built (could be as many as two), will it cause me any grief to go in and change hiawatha.conf to 'ServerID = webadmin:webadmin' in order to match my server config? And what about all the other instances of files designated www-data:www-data? If I change the ServerID, will hiawatha change those file permissions? OR.... will I be better off changing the group association (www-data in the webadmin group... OR ...webadmin in the www-data group)? OR... am I missing something simple that makes my concern moot?

Hiawatha version: 8.5
Operating System: Ubuntu Server 12.04 LTS
Hugo Leisink
13 October 2012, 11:08
I think it's best to run Hiawatha as www-data and use a different user (webadmin) to own the website files. Make the group www-data the default group for the user webadmin. Make all website files owned by webadmin:www-data. Give group-write access to those files the webserver needs to be able to write to. I think this is the best combination of security and usability/flexibility.
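
One way to check a document root against the model in the reply above (files owned by webadmin:www-data, group-write only where the web server must write), as an added example that is not part of the original thread. The function name `audit_docroot` and the writable subdirectory arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit a docroot against the owner:group model from the reply.
# usage: audit_docroot DOCROOT OWNER GROUP [WRITABLE_SUBDIR...]
#   e.g. audit_docroot /home/webadmin/public_html/www webadmin www-data files
# OWNER and GROUP may be names or numeric IDs. WRITABLE_SUBDIR values are
# relative to DOCROOT and hypothetical ("files" stands for a CMS upload dir).
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Paths containing newlines are not handled.
audit_docroot() {
    docroot=${1%/} owner=$2 group=$3
    shift 3
    findings=$(
        # Entries not owned by the site admin, or outside the server's group.
        find "$docroot" ! -user "$owner" -print | sed 's/^/OWNER /'
        find "$docroot" ! -group "$group" -print | sed 's/^/GROUP /'
        # World-writable entries are never needed in this model.
        find "$docroot" ! -type l -perm -0002 -print | sed 's/^/WORLD /'
        # Group-writable entries are accepted only under the listed subdirs.
        find "$docroot" ! -type l -perm -0020 -print |
        while IFS= read -r path; do
            allowed=no
            for sub in "$@"; do
                case $path in
                    "$docroot/$sub" | "$docroot/$sub"/*) allowed=yes ;;
                esac
            done
            [ "$allowed" = yes ] || printf 'GWRITE %s\n' "$path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit when the script is called with arguments.
if [ "$#" -ge 3 ]; then
    audit_docroot "$@"
fi
```

A `GWRITE` line means the web server's group can modify a path that was not listed as writable, which is the case the reply's model is meant to rule out.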
Ron Jones
14 October 2012, 22:56
That did the trick. Thanks!

Now, I've got a functioning Hiawatha web server. User webadmin's (user ID: 1001) default group is www-data (user ID: 33).
*on one site, I read an opinion that one should change www-data's user ID to something greater than 100 for security purposes. What's your view on that?

I've also got a fresh install of Drupal, and everything seems to be in order (except the "overlay"). Additionally, Monitor and phpMyAdmin are running on a private network (thanks to Hiawatha's "AccessList" feature).

I have not yet begun to configure the site beyond the basic install. Can you recommend some tests (or testing utilities) I can run against my install, some logs to keep an eye on during testing, and high-verbosity settings for said logs?

The base system (in case it's of any use) is:
Ubuntu Server 12.04.1 LTS
PHP5 5.3.10 ('register globals' off, 'memory limit' 128M)
MySQL 5.5.24
Hiawatha v8.5

Once testing is done, if it would be of any value to you, I would be happy to post any configuration file I've got (hiawatha, php.ini, etc).

Thanks again
This topic has been closed.