www-data not exists in centos, what is the replacement?

[vipcxj]

There are many times the www-data is mentioned in the document, but it does not exist in the centos. So many commands in the document are not able to invoked in centos.

[frafra]

The default storage path for Apache on CentOS is /var/www/html. A link to https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout could be included in the documentation.

[t-book]

Some web servers run as www-data. Web content should not be owned by this user, or a compromised web server would be able to rewrite a web site.

www-data is the user that web servers on Ubuntu (Apache, nginx, for example) use by default for normal operation. The web server process can access any file that www-data can access. It has no other importance.

(source)

On many (not all) distributions, www-data is the user under which the Apache web server runs. This also means that everything done by Apache (especially including PHP scripts) will be done with the permissions of user www-data (and also group www-data) by default.

(source)

My guess with nginx you will find the user in /etc/nginx/nginx.conf user nginx; (but have never tested on centos) Then, make sure that the current user and the web user (“nginx”) are allowed to access your app by giving them permissions.

[vipcxj]

After google，I found in the centos, apache is the replacement. However, there is neither no apache use on my centos server . In the end, I just use the root user.

[vipcxj]

Some web servers run as www-data. Web content should not be owned by this user, or a compromised web server would be able to rewrite a web site. www-data is the user that web servers on Ubuntu (Apache, nginx, for example) use by default for normal operation. The web server process can access any file that www-data can access. It has no other importance.

(source)

On many (not all) distributions, www-data is the user under which the Apache web server runs. This also means that everything done by Apache (especially including PHP scripts) will be done with the permissions of user www-data (and also group www-data) by default.

(source)

My guess with nginx you will find the user in /etc/nginx/nginx.conf user nginx; (but have never tested on centos) Then, make sure that the current user and the web user (“nginx”) are allowed to access your app by giving them permissions.

It seems that www-data is used as a group in the document. The document seems said a user called geonode should be create, and add it to www-data group. I am installing the geonode by docker. I think since all web server is in the docker containers, why we need create a user in the host server?

[t-book]

If you do use docker than it's a different story. Be aware of rootless docker mode. https://docs.docker.com/engine/security/rootless/

[vipcxj]

@t-book The document said A geonode user should be created and add to docker and www-data group in the docker install part. I want to know is it a necessory step? For adding user to docker group, I see it in many docker configure tutorials. But why www-data is also need?

[t-book]

Hi @vipcxj no I do not see a need that you host user is added to www-data. However I would strongly suggest getting familiar with permissions of users and groups further to visit the docker docs section regarding running Docker in production:

• https://docs.docker.com/engine/install/linux-postinstall/
• https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf

I've never used centos but these steps should cover all you need:

1) https://docs.geonode.org/en/master/install/basic/index.html#id2 2) https://docs.geonode.org/en/master/install/basic/index.html#create-an-instance-of-your-geonode-project 3) https://docs.geonode.org/en/master/install/basic/index.html#startup-the-containers

None of them asks you to deal with www-data

[vipcxj]

this link is shown in the install section of the readme

[t-book]

We're always looking for helping hands for improving the docs. If you like to sharpen the setup for centos and docker a PR is very welcome!

[vipcxj]

@t-book I successfully install the geonode using docker. But I install it using the root user, so most permission Issue will not be problem. I don't sure whether it should be documented.

[t-book]

@vipcxj Just 3 things:

• In case several users manage you're Docker Setup you should create a dedicated user to manage your docker instance
• Be aware that the root inside your container is root outside the container. To be clear in case one of your containers gets hacked and the attacker can manage to escape from container to host everything can be done. To avoid this use docker namespaces. (The docs need an update here) Find here a brief howto: https://gist.github.com/t-book/ad82ed949c12932d86985e0deb3ec3dd as this might be an initial setup only step two is important for you. (in case this is a docker project give invoke.log less restrictive permissions otherwise the setup will fail)
• in case you stay with root <> root be sure to close all not needed ports from outside. Namely 8080 and 5432. I would advise to bind them to your host for example 127.0.0.1:5432:5432 Also take a look at the rabbitmq ports. None of them needs to be public! (all these should be setup in your firewall f.e. UFW)