Is it Secure to Grant Apache User Ownership of Directories & Files for WordPress

Solution 1:

In my opinion, whether you can consider this safe (not secure) vastly depends on your use case, your users and your environment. Let me put it this way: if you are planning to provide web hosting for paying customers and do not happen to be in a closed-down infrastructure or behind an unbelievably sophisticated WAF or IPS, you would probably consider this insecure. Here I am not referring only to the writeable directories, but to using mod_php, which you seem to do. Then again, if you are just setting up a small webhosting for your friends and family, expect some ten hits per week and really have no time, you will probably be fine (however, I would recommend using some available shared hoster in this case).

More secure alternatives run each user's PHP execution under his own user rights. The most common examples would be:

  • suPHP, which is rather secure, but slow as snail mail.
  • Apache + MPM ITK, which is quite simple to set up but not so widely tested (in contrast to MPM Worker or MPM Prefork). Personally, I would not use this in a production environment.
  • A FastCGI + PHP Environment, either with mod_fastcgi or mod_fcgid.

Depending on your users/environment/..., I would recommend locking down your box. In the FastCGI scenario you should use chroot and could harden your system further using Linux security enhancements (e.g. 1, 2, 3).

But once again: You can really spend a good deal of time on this. Consider using a shared-hosted environment from a good hoster, who will do this for you, before putting an insecure box out in the wild.

Solution 2:

I am almost certain I have answered this before, but I can't find the question to link to.

You shouldn't be asking "is it secure if you do nnn?". Security is never a binary value, and you almost always need to apply a more detailed analysis. The question you should ask is: "is doing nnn more or less secure than the alternative?"

Yes, changing the ownership of files so Apache can write to them does increase the potential for problems, but that simply isn't the only factor.

A much bigger concern is whether, if you don't change the ownership, you will be willing to put in the effort to keep the web application updated and patched. If you don't have the tools or ability to keep it up to date and patched using only the CLI, then that is potentially a much larger security problem than the problems you might have as a result of the more permissive filesystem permissions.

I don't have a link/reference, but I believe I read somewhere that many things are compromised because patches for known vulnerabilities are not applied in a timely manner. OTOH, weak filesystem permissions usually only come into play as a result of a bug/issue in a web application.

Ideally, if you have a requirement for extremely strong paranoid security you would have extremely locked down permissions, and applications very up-to-date, but if I had to choose one, I would generally try to have all the patches installed.

You of course need to make your own decision based on the potential risks, and a realistic understanding of how you will be updating and maintaining the system.
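
Both answers depend on what the Apache user can actually modify under the document root. The following is an added example, not part of either answer: it lists the code files, directories and other files a given uid can write to, using only classic Unix mode bits. The function names, the extension list and the sample path and user in the comment are assumptions.

```python
import os
import stat
import sys

# Names the web server executes or obeys (assumed list for a mod_php WordPress site).
CODE_EXT = {".php", ".phtml"}
CODE_NAMES = {".htaccess"}


def can_write(st, uid, gids):
    """Classic Unix check: owner bits, else group bits, else other bits.
    POSIX ACLs and root's override are deliberately not modelled."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_docroot(docroot, uid, gids=()):
    """Return (code, dirs, other): sorted relative paths that `uid` can write."""
    gids = set(gids)
    code, dirs, other = [], [], []
    for root, _subdirs, files in os.walk(docroot):  # symlinked dirs are not followed
        for name in [""] + files:                   # "" stands for the directory itself
            path = os.path.join(root, name) if name else root
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode) or not can_write(st, uid, gids):
                continue
            rel = os.path.relpath(path, docroot)
            if stat.S_ISDIR(st.st_mode):
                dirs.append(rel)    # writable dir: files inside can be added or replaced
            elif name in CODE_NAMES or os.path.splitext(name)[1].lower() in CODE_EXT:
                code.append(rel)    # writable code: an application bug can persist here
            else:
                other.append(rel)
    return sorted(code), sorted(dirs), sorted(other)


if __name__ == "__main__":
    import pwd
    docroot, user = sys.argv[1], sys.argv[2]        # example: /var/www/html www-data
    pw = pwd.getpwnam(user)
    groups = os.getgrouplist(user, pw.pw_gid)
    for label, paths in zip(("CODE", "DIR", "OTHER"), audit_docroot(docroot, pw.pw_uid, groups)):
        for p in paths:
            print(f"{label}\t{p}")
```

Run it before and after changing ownership to see how far the writable set grows beyond the upload directory.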