Differenze tra le versioni di "Sito/Technical documentation"

Da Wikimedia Italia.
Jump to navigation Jump to search
(Creata pagina con "{{Bozza}} == Unix user == <pre> $ # start hardening creating a dedicated user $ adduser apache-wmi $ usermod -aG apache apache-wmi </pre> == Hardening == <pre> # first ste...")
 
(info)
Riga 2: Riga 2:
  
 
== Unix user ==
 
== Unix user ==
 +
 +
The PHP-FPM application runs with a dedicated Unix user:
  
 
<pre>
 
<pre>
$ # start hardening creating a dedicated user
+
$ adduser -d /var/www/html -s /sbin/nologin -g apache apache-wmi
$ adduser apache-wmi
+
</pre>
$ usermod -aG apache apache-wmi
+
 
 +
<pre>
 +
$ id apache-wmi
 +
uid=1439(apache-wmi) gid=1439(apache-wmi) groups=1439(apache-wmi),48(apache)
 
</pre>
 
</pre>
  

Versione delle 09:33, 3 mar 2021

Questa pagina è una bozza.

Unix user

The PHP-FPM application runs with a dedicated Unix user: 

$ adduser -d /var/www/html -s /sbin/nologin -g apache apache-wmi

$ id apache-wmi
uid=1439(apache-wmi) gid=1439(apache-wmi) groups=1439(apache-wmi),48(apache)

Hardening

# first step: make whole application read-only for everyone
chown root: -R       /var/www/wmi/wordpress

# second step: protect some secrets
chmod o=            /var/www/wmi/{tmp,session}
chown apache-wmi:   /var/www/wmi/{tmp,session}
chmod o=            /var/www/wmi/wordpress/wp-config.php
chown apache-wmi:   /var/www/wmi/wordpress/wp-config.php

# third step: allow write-mode on some locations
chown -R apache-wmi: /var/www/wmi/wordpress/wp-content
chown apache-wmi:    /var/www/wmi/{tmp,session}

Update

Before being able to do an update, run this: 

chown apache-wmi: -R /var/www/wmi/wordpress

When your upgrade is concluded, run again the #Hardening part.

Estratto da "https://wiki.wikimedia.it/index.php?title=Sito/Technical_documentation&oldid=965141"