Re: [Hampshire] Apache web root permissions

Author: Andy Smith
Date:  
To: hampshire
Subject: Re: [Hampshire] Apache web root permissions

gpg: Signature made Fri Nov 27 18:04:30 2009 GMT
gpg: using DSA key 2099B64CBF15490B
Hi Stephen,

On Fri, Nov 27, 2009 at 10:47:28AM +0000, Stephen Nelson-Smith wrote:
> I have a site running drupal. The apache user therefore needs to be
> able to write certain files (CSS files for example).
>
> I also have a directory under my web root which is a SAN mount, to
> which apache must be able to write.
>
> What is the most secure way to implement this?


You could run PHP under FastCGI with a given user/group. Or run
a new Apache instance entirely under a given user/group on a
high port and reverse proxy it through your port 80 Apache. Or you
could use mpm-itk to run the whole vhost as a given user/group.

> I am thinking:
>
> chown -R root:apache /var/www/html
> chmod -R 0750 /var/www/html
> chown apache:apache for where need to write


Would work but will allow code run by other vhosts to overwrite
files here. Advantage of being simple.

> Is there a better way?


The other ways are more secure but more fiddly. As usual.

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting

"SCSI is usually fixed by remembering that it needs three terminations: One at
each end of the chain. And the goat." -- Andrew McDonald
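
An added example, not part of the original message: a small audit for the trade-off discussed above, where anything the shared Apache account can write to can also be overwritten by code running in other vhosts. The function name `web_writable` and its three arguments are assumptions made for illustration; it lists every path under a web root that a given user/group could modify, so the writable set can be compared against what was intended.

```shell
#!/bin/sh
# web_writable DOCROOT WEB_USER WEB_GROUP   (hypothetical helper, added example)
#
# Prints every path under DOCROOT that a process running as
# WEB_USER:WEB_GROUP could modify:
#   - owned by WEB_USER with the owner-write bit set, or
#   - group-owned by WEB_GROUP with the group-write bit set, or
#   - world-writable.
# A writable directory matters as much as a writable file: anyone who can
# write to a directory can replace the files inside it.
# Symlinks are skipped because their own mode bits are not meaningful.
# WEB_USER and WEB_GROUP may be names or numeric IDs.
web_writable() {
    docroot=$1
    web_user=$2
    web_group=$3
    find "$docroot" ! -type l \( \
        \( -user "$web_user" -perm -0200 \) -o \
        \( -group "$web_group" -perm -0020 \) -o \
        -perm -0002 \
    \) -print | sort
}

# Run directly, e.g.:  sh web_writable.sh /var/www/html apache apache
if [ "$#" -eq 3 ]; then
    web_writable "$@"
fi
```

With the `root:apache` / `0750` layout from the question, the output should contain only the directories deliberately handed to `apache`; anything else listed is writable by every vhost sharing that account.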