|
|
| (6 versioni intermedie di uno stesso utente non sono mostrate) |
| Riga 1: |
Riga 1: |
| − | {{Bozza}}
| + | #REDIRECT [[meta:Wikimedia Italia/Website/Technical documentation]] |
| − | | |
| − | == Unix user ==
| |
| − | | |
| − | The PHP-FPM application runs with a dedicated Unix user:
| |
| − | | |
| − | <pre>
| |
| − | $ adduser -d /var/www/html -s /sbin/nologin -g apache apache-wmi
| |
| − | </pre>
| |
| − | | |
| − | <pre>
| |
| − | $ id apache-wmi
| |
| − | uid=1439(apache-wmi) gid=1439(apache-wmi) groups=1439(apache-wmi),48(apache)
| |
| − | </pre>
| |
| − | | |
| − | == Hardening ==
| |
| − | | |
| − | <pre>
| |
| − | # first step: make whole application read-only for everyone | |
| − | chown root: -R /var/www/wmi/wordpress
| |
| − | | |
| − | # second step: protect some secrets
| |
| − | chmod o= /var/www/wmi/{tmp,session}
| |
| − | chown apache-wmi: /var/www/wmi/{tmp,session}
| |
| − | chmod o= /var/www/wmi/wordpress/wp-config.php
| |
| − | chown apache-wmi: /var/www/wmi/wordpress/wp-config.php
| |
| − | | |
| − | # third step: allow write-mode on some locations
| |
| − | chown -R apache-wmi: /var/www/wmi/wordpress/wp-content
| |
| − | chown apache-wmi: /var/www/wmi/{tmp,session}
| |
| − | </pre>
| |
| − | | |
| − | == Update ==
| |
| − | | |
| − | Before being able to do an update, run this:
| |
| − | | |
| − | <pre>
| |
| − | chown apache-wmi: -R /var/www/wmi/wordpress
| |
| − | </pre>
| |
| − | | |
| − | When your upgrade is concluded, run again the [[#Hardening]] part.
| |