on a fresh vm with debian jessie:
drwxr-x--- 2 www-data www-data 4096 Feb 1 14:18 awstats
drwxr-x--- 18 proxy proxy 4096 Feb 1 13:57 cache
drwxr-xr-x 4 www-data root 4096 Feb 1 14:13 dbdata
drwxr-xr-x 7 www-data root 4096 Sep 29 2014 dokuwiki
drwxr-xr-x 4 root root 4096 Feb 1 13:48 downloads
drwxr-xr-x 2 www-data root 4096 Feb 1 14:02 elgg
drwxr-xr-x 8 root root 4096 Feb 1 14:12 ka-lite
drwxr-xr-x 3 apache apache 4096 Feb 1 14:07 knowledge
drwxrwsrwx 9 www-data www-data 4096 Feb 1 14:06 moodle
drwxr-x--- 3 www-data apache 4096 Feb 1 14:03 owncloud
drwxr-xr-x 3 apache apache 4096 Feb 1 14:08 pathagar
drwx------ 19 postgres postgres 4096 Feb 1 14:09 pgsql-xs
drwxrwxrwx 2 smbuser smbuser 4096 Feb 1 13:58 public
drwxr-xr-x 5 root www-data 4096 Feb 1 14:03 wordpress
drwxr-xr-x 4 root root 4096 Feb 1 13:48 working
drwxr-xr-x 3 root root 4096 Feb 1 13:48 www
drwxr-xr-x 6 root admin 4096 Feb 1 13:59 xs-activity-server
drwxr-xr-x 4 root root 4096 Feb 1 14:12 zims
apache is a user: apache:x:1001:1002::/home/apache:/bin/sh, but these should probably be www-data
further, one reason that people use apache in a redhat os is that it has no login, so provides some security in that apache's permissions can not be obtained by logging in as apache. but this apache has a home and shell declaration, so that security is defeated.
so, for example, apache is in the admin group to make xs-activity-server secure
is wordpress meant to have owner root and group www-data vs dokuwiki which is the reverse?
for comparison, here are the owners on a 6.1 centos install:
drwxr-xr-x 3 apache apache 4096 Feb 1 08:01 awstats
drwxr-x---. 18 squid squid 4096 Jun 28 2015 cache
drwxr-xr-x. 10 apache apache 4096 Nov 22 16:49 content
drwxrwxr-x 4 apache root 33 Nov 10 07:32 dbdata
drwxr-xr-x 7 apache root 4096 Sep 29 2014 dokuwiki
drwxrwxr-x 7 root root 4096 Sep 29 2014 dokuwiki-2014-09-29
drwxr-xr-x 6 root root 4096 Nov 4 07:35 downloads
drwxr-xr-x 4 apache root 49 Jul 1 2015 elgg
drwxr-xr-x 3 root root 23 Dec 16 2015 hiiab
drwxr-xr-x 2 root root 4096 Jan 24 2016 index_assets
drwxr-xr-x 3 root root 52 Jan 15 2016 ka-content2
drwxr-xr-x 8 root root 4096 Oct 20 14:54 ka-lite
drwxr-xr-x 3 root root 25 Aug 30 10:47 ka-lite.save
drwxr-xr-x 8 root root 4096 Oct 20 15:52 ka-lite-test
drwxr-xr-x 3 apache apache 20 Jun 23 2015 knowledge
drwxr-xr-x 7 root root 138 Aug 16 09:20 modules
drwxrwx--- 2 apache apache 6 Nov 10 07:30 moodle
drwxr-x--- 3 apache apache 17 Jun 19 2015 owncloud
drwxr-xr-x 3 apache apache 18 Jun 20 2015 pathagar
drwx------ 19 postgres postgres 4096 Nov 10 07:45 pgsql-xs
drwxrwxrwx 2 smbuser smbuser 6 Jun 19 2015 public
drwxr-xr-x 4 root root 40 Jul 9 2015 rachel
-rwxr-xr-x 1 root root 53 Jan 11 09:31 rsync-zims
drwxr-xr-x 3 root root 17 Dec 29 2015 sugarizer
drwxr-xr-x 4 sugar-stats sugar-stats 50 Jun 24 2015 sugar-stats
drwxr-xr-x 2 root root 6 Jun 19 2015 users
drwxr-xr-x 5 apache apache 4096 Jan 31 03:28 wordpress
drwxr-xr-x 4 root root 30 Jun 27 2016 working
drwxr-xr-x 8 root admin 124 Nov 21 2015 xs-activity-server
drwxr-xr-x 6 root root 60 Jun 19 2015 xs-rsync
drwxr-xr-x 4 root root 50 Jan 10 12:35 zims
actually, I see that apache has no password, so creates a level of security, but /usr/sbin/nologin could be added as the shell. also id could be set to 48 for backwards compatibility
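The three things questioned in this thread (a service account with a usable shell, world-writable directories, and web content owned by a different web user than the distribution's own) can be checked mechanically. The script below is an added example, not part of the original posts or of the project's code; the function names are hypothetical, the `www-data` passwd line is constructed, and the other sample lines are copied from the listings above. It assumes file names without spaces.

```shell
#!/bin/sh
# Added example: audit helpers for passwd-format and `ls -l` input.

# Flag named service accounts whose shell still allows an interactive login.
# $1 = space-separated account names to check (caller's choice).
login_capable_accounts() {
    awk -F: -v want="$1" '
        BEGIN { n = split(want, a, " "); for (i = 1; i <= n; i++) svc[a[i]] = 1 }
        ($1 in svc) && $7 !~ /(nologin|false)$/ { print $1 " shell=" $7 " home=" $6 }
    '
}

# Flag directories whose mode string grants write to "other" (10th-column x,
# 9th-column w), which also catches setgid variants such as drwxrwsrwx.
world_writable_dirs() {
    awk 'substr($1, 1, 1) == "d" && substr($1, 9, 1) == "w" { print $NF " " $1 }'
}

# Flag entries owned by a web-server account other than the expected one.
# $1 = expected web user for this distribution (www-data on Debian).
unexpected_web_owner() {
    awk -v expected="$1" '
        ($3 == "apache" || $3 == "www-data") && $3 != expected { print $NF " owner=" $3 }
    '
}

# Sample input. The apache line is quoted in the thread; the www-data line
# is constructed to show an account that passes the check.
SAMPLE_PASSWD='apache:x:1001:1002::/home/apache:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin'

# Lines copied from the Debian jessie listing in the thread.
SAMPLE_LS='drwxr-xr-x 7 www-data root 4096 Sep 29 2014 dokuwiki
drwxr-xr-x 3 apache apache 4096 Feb 1 14:07 knowledge
drwxrwsrwx 9 www-data www-data 4096 Feb 1 14:06 moodle
drwxrwxrwx 2 smbuser smbuser 4096 Feb 1 13:58 public
drwxr-xr-x 5 root www-data 4096 Feb 1 14:03 wordpress'

printf '%s\n' "$SAMPLE_PASSWD" | login_capable_accounts "apache www-data"
printf '%s\n' "$SAMPLE_LS" | world_writable_dirs
printf '%s\n' "$SAMPLE_LS" | unexpected_web_owner www-data
```

On a live system the same functions can read `getent passwd` and the `ls -l` output of the directory being reviewed.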