Date: Saturday, December 02, 2017 22:14:19 +0100 From: Nicolas Kovacs info@microlinux.fr
Le 02/12/2017 à 10:30, Nicolas Kovacs a écrit :
==> Reminder: this is actually the question I'm asking in my post.
So I'm finally coming to my question. How problematic is it really to have the apache user and group owning the stuff under /var/www?
I think very, especially when running something like wordpress. WP has (had) a history of some rather serious security issues. Even if they are resolved, having the user that runs the apache server own (or even have write access to) the directories and files that it has access to leaves you totally vulnerable to someone breaking through the server. I'm not so worried about apache proper (though struts was the equifax vector apparently) but more about any scripting that one may have on the site. All it takes is a bad script or two for your site to be totally taken over.