Comments (3)
Any reason for running php under the www-data user?
I'm changing permissions as many scripts and webapps like to write into the web folder, I agree with your assessment but don't have many ideas on how to solve this...
from docker.
I'd suggest the following way:
- Run nginx and php-fpm under www-data user by default. This is a standard Debian behavior, no real need to change it.
- If a user wants an insecure script-writable-readable environment for development and testing, he supplies an environment option such as "WEB_WRITABLE=1". Init script detects it and modifies config files or changes permissions accordingly.
I believe silently changing permissions or an owner on a mountable volume is not a good practice. Different web apps may have their own permission requirements.
Your repository is popular. People may use it in production. Either a warning about insecure permissions should be made in a readme or make it secure by default and have a development option. With power comes responsibility.
from docker.
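One way to implement the opt-in suggested in the comment above, as an added example rather than the repository's own init script. `WEB_WRITABLE` is the option name from the comment; `WEB_ROOT`, `WEB_GROUP` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the repository's init script). WEB_WRITABLE is the option
# name proposed in the comment; WEB_ROOT, WEB_GROUP and the function names are
# assumptions made for illustration.

# Only the exact value "1" opts in; unset, empty or anything else stays read-only.
web_mode() {
    if [ "${WEB_WRITABLE:-0}" = "1" ]; then echo writable; else echo readonly; fi
}

apply_web_mode() {
    root=$1
    group=${WEB_GROUP:-www-data}
    if [ ! -d "$root" ]; then
        echo "init: $root is not a directory" >&2
        return 1
    fi
    if [ "$(web_mode)" = "readonly" ]; then
        # Default: never chown/chmod a mounted volume. Only report entries that
        # any local user (including the php-fpm worker) could modify.
        find "$root" ! -type l -perm -0002 | while IFS= read -r path; do
            echo "init: warning: world-writable: $path" >&2
        done
        return 0
    fi
    # Explicit opt-in: say so loudly, then grant group write instead of
    # changing the owner of the user's files.
    echo "init: WEB_WRITABLE=1, making $root writable by $group (development only)" >&2
    if [ "$(id -u)" = "0" ] && grep -q "^$group:" /etc/group; then
        chgrp -R "$group" "$root"
    fi
    chmod -R g+rwX "$root"
}

# Entrypoint usage: runs only when WEB_ROOT is set, before nginx/php-fpm start.
if [ -n "${WEB_ROOT:-}" ]; then
    apply_web_mode "$WEB_ROOT"
fi
```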
Duly noted, I will take steps to rectify this, I do believe in best
practices and your advice is solid.
If you have any pull requests for changes they're very welcome as I am
unfortunately rather busy with university and it may take me some time to
examine my repository and make the changes needed (I want to do a full
overview of all my packages and clean them up if I can).
Thank you again, Max.
On Wed, Mar 25, 2015 at 12:37 AM, dadittoz [email protected] wrote:
I'd suggest the following way:
- Run nginx and php-fpm under www-data user by default. This is a
standard Debian behavior, no real need to change it.
- If a user wants an insecure script-writable-readable environment for
development and testing, he supplies an environment option such as
"WEB_WRITABLE=1". Init script detects it and modifies config files or
changes permissions accordingly.
I believe silently changing permissions or an owner on a mountable volume
is not a good practice. Different web apps may have their own permission
requirements.
Your repository is popular. People may use it in production. Either a
warning about insecure permissions should be made in a readme or make it
secure by default and have a development option. With power comes
responsibility.
from docker.