0 votes
44 views
by Rookie
closed by
Hi,

I don't like the wordpress files to be owned by www-data, so I made my own script to change file ownership as I see fit. However, every time I add a new site, webinoly resets ownership to all files in the www folder back to www-data

Can you please remove the chown -R www-data /var/www in /lib/sites and replace it with

chown -R www-data /var/www/$domain

(line 552)

So it will only replace ownership in the new installation, not the whole www folder.

Thanks!
closed with the note: Duplicate

1 Answer

–1 vote
by Expert
No, I won't do that!

Wait for the next update, the "internal-api" will be extended and you will be able to add "custom-actions" with every command. Right now it just work with the "stack" command, in the next major update (v1.8.0) of Webinoly it will be extended to all the other commands.

Regards.
by Rookie
Why wouldn't you do that? Chowning all the files to www-data is a bad idea anyway, it's basically the same as chmoding them to 777. A backdoor in one plugin can not only ruin one site, but the whole server will be corrupted. It is a very bad safety practice.
by Expert
This has been discused several times before, please search for those discussions here and github.

The short story is that it makes sense in shared hosting enviroments, not in VPS or dedicated.

Regards.
by Rookie
I have 15+ years of experience with unix/linux, vps and wordpress, I understand how unix permissions work and I have my own brain to figure out what is safe, so I don't need to read discussions about this.

Any php script, accessed through http(s) can write to any file owned by www-data (unles it has the write bit is set to 0, which in your case id doesn't). This means that if anyone who has administration rights uploads a plugin that is infected, or if the wordpress repo is hacked, or a premium plugin update site goes into the wrong hands (happend many times), the attacker can throug an infected file do whatever he pleases to your php files throughout all your server.

Anyway, I am not even asking you to do things my way, I am just asking you not to reset file ownership on all sites every time a new site is created. Why is this a problem.

(I updated your script myself, but I'd like to be able to upgrade without having to reaply my patch every time)
by Expert
Impressive CV!

Thanks for your "expert" advice.
Welcome to the Community site for Webinoly.

If you have a question about Webinoly, please ask in English or Spanish.

To report a bug, please ask a question here with the bug tag.

News: Now you can use any external SMTP service in your server. All the server outgoing emails from any of your websites will be sent through this service.

Donations

Webinoly Support Paypal Donations Webinoly Support Bitcoin Donations

Your regular donations is what keep this project moving forward. If you like Webinoly, buy me a coffee or a beer to show support.

Affiliate Links

It is very important that any visitor to the site read the disclaimer, terms of use and privacy and legal statement before start browsing.

...