|
|
(6 versioni intermedie di uno stesso utente non sono mostrate) |
Riga 1: |
Riga 1: |
− | {{Bozza}}
| + | #REDIRECT [[meta:Wikimedia Italia/Website/Technical documentation]] |
− | | |
− | == Unix user ==
| |
− | | |
− | The PHP-FPM application runs with a dedicated Unix user:
| |
− | | |
− | <pre>
| |
− | $ adduser -d /var/www/html -s /sbin/nologin -g apache apache-wmi
| |
− | </pre>
| |
− | | |
− | <pre>
| |
− | $ id apache-wmi
| |
− | uid=1439(apache-wmi) gid=1439(apache-wmi) groups=1439(apache-wmi),48(apache)
| |
− | </pre>
| |
− | | |
− | == Hardening ==
| |
− | | |
− | <pre>
| |
− | # first step: make whole application read-only for everyone | |
− | chown root: -R /var/www/wmi/wordpress
| |
− | | |
− | # second step: protect some secrets
| |
− | chmod o= /var/www/wmi/{tmp,session}
| |
− | chown apache-wmi: /var/www/wmi/{tmp,session}
| |
− | chmod o= /var/www/wmi/wordpress/wp-config.php
| |
− | chown apache-wmi: /var/www/wmi/wordpress/wp-config.php
| |
− | | |
− | # third step: allow write-mode on some locations
| |
− | chown -R apache-wmi: /var/www/wmi/wordpress/wp-content
| |
− | chown apache-wmi: /var/www/wmi/{tmp,session}
| |
− | </pre>
| |
− | | |
− | == Update ==
| |
− | | |
− | Before being able to do an update, run this:
| |
− | | |
− | <pre>
| |
− | chown apache-wmi: -R /var/www/wmi/wordpress
| |
− | </pre>
| |
− | | |
− | When your upgrade is concluded, run again the [[#Hardening]] part.
| |