I'm migrating a lot of stuff from my old/main server into a VM and in the process trying to follow better security practices, such as not having stuff just happen as root all the time.
One particular example is I have a PHP script that is used to edit spam filters for spamassassin. It's just a utility that makes it easier to blacklist emails, add new keyword rules etc... it then generates a .cf file that spamassassin reads. So the .cf file it generates needs to be writable by apache, but also needs to be readable by the spamassassin user. I could just chmod it 777 or w/e, but I want to do it right. How would I go about giving this kind of access? Or do I not have a choice but to chmod it in such a way that it is world writable? I can probably just make it owned by apache:apache and have it be read only for everyone else, but even that still feels dirty. If it was NTFS it would be simple, just add both users to it and be done.
It's a local server so not a huge deal, but I still prefer to know how to do things right, may as well start this fresh VM off to a good start. The old server had a lot of bad habits like all the web apps' SQL stuff running as root user etc.
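One way to get the split the post above asks for (one writer, one reader, nobody else), shown as an added example that is not part of the original post. It assumes a hypothetical shared group (called `spamrules` in the comments) that the spamassassin account is added to, and a constructed file name `local.cf`; the demo at the end uses the current account so it runs without root.

```shell
#!/bin/sh
# Added example: owner writes, one group reads, others get nothing.
# On the real host (assumed names): writer = apache, group = spamrules, created with
#   groupadd spamrules && usermod -aG spamrules <spamassassin account>

# Create DIR (setgid, 2750) and DIR/FILE (0640) owned by WRITER:GROUP.
provision_rules() {
    dir=$1 file=$2 writer=$3 group=$4
    mkdir -p "$dir" || return 1
    : >> "$dir/$file" || return 1
    # Handing ownership to another account needs root; skipped otherwise.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$writer:$group" "$dir" "$dir/$file" || return 1
    fi
    # setgid on the directory: files the writer creates later inherit the
    # directory's group, so a regenerated .cf stays readable by the reader.
    chmod 2750 "$dir" || return 1
    chmod 0640 "$dir/$file"    # owner rw, group r, others none
}

# Return 0 only if "others" hold no permission bits on PATH.
no_world_access() {
    others=$(ls -ld "$1" | cut -c8-10) || return 1
    [ "$others" = "---" ]
}

# Demo in a scratch directory with the current uid/gid (runs unprivileged).
demo=$(mktemp -d)
provision_rules "$demo/rules" local.cf "$(id -u)" "$(id -g)"
ls -ld "$demo/rules" "$demo/rules/local.cf"
no_world_access "$demo/rules/local.cf" && echo "local.cf: no world access"
rm -rf "$demo"
```

The writing process should also run with a umask of 027 so newly created files come out as 0640 rather than world-readable.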