On 03/12/2017 at 23:59, Pete Travis wrote:
TL;DR my process is:
- Make a list of real humans that need to work on the site
- Assume the web server user should have at least read access on all
files in the site documentroot, or we'd put them somewhere else.
- Make a list of directories (uploads, cache, session files, etc) the
web server must have write access to.
- Use various permissions utilities to make sure humans and web server
can do their assigned work and nothing more.
Wow. Thanks *very* much for your detailed answer. I'll work through that this week.
FYI, I'm the only user with shell access to the server. The user 'microlinux' is my "standard" non-root user on the server. I know I could also have called him 'nkovacs'.
When hosting WordPress (or Dolibarr, ownCloud, ...) I don't expect my users to do administrative tasks, because that's precisely my job. They're only expected to *use* this stuff (e.g. write a blog, do their management, share files over the network, etc.). And no, I don't use FTP, only SSH (mostly with key authentication).
Cheers,
Niki
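
The verification step of the process quoted above (web server can read everything, can write only where it must), as an added example that is not part of the original thread. It assumes classic Unix mode bits only (POSIX ACLs and SELinux are not evaluated); the function names `effective_bits` and `audit_docroot` and the command-line form are illustrative.

```python
import os, pwd, stat, sys

def effective_bits(st, uid, gids):
    """rwx bits (0-7) that apply to uid under owner/group/other rules."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_docroot(docroot, uid, gids, writable_dirs):
    """Return (unreadable, unexpected_write, missing_write), paths relative
    to docroot, for the web server identity (uid, gids)."""
    allowed = [os.path.normpath(d) for d in writable_dirs]
    unreadable, unexpected_write, missing_write = [], [], []
    for root, dirs, files in os.walk(docroot):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            rel = os.path.relpath(path, docroot)
            is_dir = stat.S_ISDIR(st.st_mode)
            bits = effective_bits(st, uid, gids)
            need = 5 if is_dir else 4  # directories need r+x to be served
            if (bits & need) != need:
                unreadable.append(rel)
            under_allowed = any(rel == d or rel.startswith(d + os.sep)
                                for d in allowed)
            if (bits & 2) and not under_allowed:
                unexpected_write.append(rel)  # write access it should not have
            if is_dir and rel in allowed and not (bits & 2):
                missing_write.append(rel)  # uploads/cache dir it cannot use
    return sorted(unreadable), sorted(unexpected_write), sorted(missing_write)

if __name__ == "__main__":
    # usage: audit.py DOCROOT WEBSERVER_USER [WRITABLE_DIR ...]
    docroot, user, *writable = sys.argv[1:]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    labels = ("unreadable", "unexpected write", "missing write")
    for label, paths in zip(labels,
                            audit_docroot(docroot, pw.pw_uid, gids, writable)):
        for p in paths:
            print(f"{label}: {p}")
```

Writable directories are given relative to the document root; an empty report means the web server user can read the whole tree and write only inside the listed directories.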