Differenze tra le versioni di "Sito/Technical documentation"
< Sito
Jump to navigation
Jump to search
(info) |
m (→Hardening: tab) |
||
| Riga 21: | Riga 21: | ||
# second step: protect some secrets | # second step: protect some secrets | ||
| − | chmod o= | + | chmod o= /var/www/wmi/{tmp,session} |
| − | chown apache-wmi: | + | chown apache-wmi: /var/www/wmi/{tmp,session} |
| − | chmod o= | + | chmod o= /var/www/wmi/wordpress/wp-config.php |
| − | chown apache-wmi: | + | chown apache-wmi: /var/www/wmi/wordpress/wp-config.php |
# third step: allow write-mode on some locations | # third step: allow write-mode on some locations | ||
Versione delle 09:41, 3 mar 2021
Questa pagina è una bozza.
Unix user
The PHP-FPM application runs with a dedicated Unix user:
$ adduser -d /var/www/html -s /sbin/nologin -g apache apache-wmi
$ id apache-wmi uid=1439(apache-wmi) gid=1439(apache-wmi) groups=1439(apache-wmi),48(apache)
Hardening
# first step: make whole application read-only for everyone
chown root: -R /var/www/wmi/wordpress
# second step: protect some secrets
chmod o= /var/www/wmi/{tmp,session}
chown apache-wmi: /var/www/wmi/{tmp,session}
chmod o= /var/www/wmi/wordpress/wp-config.php
chown apache-wmi: /var/www/wmi/wordpress/wp-config.php
# third step: allow write-mode on some locations
chown -R apache-wmi: /var/www/wmi/wordpress/wp-content
chown apache-wmi: /var/www/wmi/{tmp,session}
Update
Before being able to do an update, run this:
chown apache-wmi: -R /var/www/wmi/wordpress
When your upgrade is concluded, run again the #Hardening part.