Disadvantages to having www-data able to log in
I run a tiny web server basically just for hosting small data projects and files. This server has a public IP address.
I would like to be able to FTP in and upload files directly to /var/www/*, and so I'm considering allowing the www-data user to have a password and log in directly. This would also avoid my having to change file ownership every time I do anything in a web directory (which I'm currently doing as root, so there's a security risk there also).
Is there any security risk to allowing the www-data user to log in? If so, what's the best alternative?
I run a tiny web server basically just for hosting small data projects and files. This server has a public IP address.
I would like to be able to FTP in and upload files directly to /var/www/*, and so I'm considering allowing the www-data user to have a password and log in directly. This would also avoid my having to change file ownership every time I do anything in a web directory (which I'm currently doing as root, so there's a security risk there also).
Is there any security risk to allowing the www-data user to log in? If so, what's the best alternative?
No comments:
Post a Comment