Differenze tra le versioni di "Sito/Technical documentation"
< Sito
Jump to navigation
Jump to search
(Creata pagina con "{{Bozza}} == Unix user == <pre> $ # start hardening creating a dedicated user $ adduser apache-wmi $ usermod -aG apache apache-wmi </pre> == Hardening == <pre> # first ste...") |
(info) |
||
Riga 2: | Riga 2: | ||
== Unix user == | == Unix user == | ||
+ | |||
+ | The PHP-FPM application runs with a dedicated Unix user: | ||
<pre> | <pre> | ||
− | $ | + | $ adduser -d /var/www/html -s /sbin/nologin -g apache apache-wmi |
− | $ | + | </pre> |
− | + | ||
+ | <pre> | ||
+ | $ id apache-wmi | ||
+ | uid=1439(apache-wmi) gid=1439(apache-wmi) groups=1439(apache-wmi),48(apache) | ||
</pre> | </pre> | ||
Versione delle 09:33, 3 mar 2021
Questa pagina è una bozza.
Unix user
The PHP-FPM application runs with a dedicated Unix user:
$ adduser -d /var/www/html -s /sbin/nologin -g apache apache-wmi
$ id apache-wmi uid=1439(apache-wmi) gid=1439(apache-wmi) groups=1439(apache-wmi),48(apache)
Hardening
# first step: make whole application read-only for everyone chown root: -R /var/www/wmi/wordpress # second step: protect some secrets chmod o= /var/www/wmi/{tmp,session} chown apache-wmi: /var/www/wmi/{tmp,session} chmod o= /var/www/wmi/wordpress/wp-config.php chown apache-wmi: /var/www/wmi/wordpress/wp-config.php # third step: allow write-mode on some locations chown -R apache-wmi: /var/www/wmi/wordpress/wp-content chown apache-wmi: /var/www/wmi/{tmp,session}
Update
Before being able to do an update, run this:
chown apache-wmi: -R /var/www/wmi/wordpress
When your upgrade is concluded, run again the #Hardening part.