OSX Server, Wordpress Users and Permissions [closed]

https://stackoverflow.com/questions/17791600

03-06-2022
|

Domanda

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions about general computing hardware and software on Stack Overflow. You can edit the question so it’s on-topic for Stack Overflow.

Closed 8 years ago.

Improve this question

I am a very long time mac user. But permissions and web servers have been a constant source of confusion for me.

I have mySQL, python PHP and all of that running very well on my server. (OSX 10.8.4 with server installed)

The built in web server works great. The PHP runs just fine. I even got Wordpress running 85% of the way. But I had to start manually hacking my way into the permission. Here is what I would like to know.

It actually runs better if I just start to set everything to everybody an write and read. But Im certain that is a stupid move from a security standpoint.

I have noticed that Wordpress fails to alter certain files and fails to create files. SO I assume i have a permissions problem.

What user is the web server itself? (I log into my mac as me not root or wheel etc.)
What is wheel, admin, everyone?
I have searched the web looking for a guide for this user stuff but iI cant find one. Does anyone know where a nice "teach me' might be hiding?

Any other guidance on this would be greatly appreciated.

Soluzione

You're right to be concerned about setting read/write to everyone. This is a huge security risk.

The wheel group is the BSD group that can access the sudo command, as OSX is fully BSD compliant. See here. So a user in the wheel group can access root and call commands requiring root privileges.

I suggest you read up on BSD permissions. They're really not that difficult to understand.

For OSX, by default, there is no actual root account for logging in. Users are either members of the Standard User group or the Admin group.

By stating that you're using the 'built in web server' I'm going to assume that you mean Apache, but correct me if I'm wrong. With this assumption, you can run the following command in terminal to see who the user is that Apache is running as: -

ps aux | grep -v grep  | grep apache

From that, you should be able to start setting privileges to the user of the webserver and not everyone.

Autorizzato sotto: CC-BY-SA insieme a attribuzione

Non affiliato a StackOverflow