Hi all,
I'm running OwnCloud v8.2.1 on my FreeBSD server.
As those of you who use owncloud may know, the package includes a command-line utility to perform various maintance tasks that is quite useful.
For some reason, the script was changed awhile back so that it
only runs as the apache user. I had quite a bit of difficulty getting the syntax correct but finally I figured out that this works:
Code:
$ sudo su -m www -c './occ status'
But some commands I still can't get working again:
Code:
$ sudo su -m www -c './occ files:scan --all'
Home storage for user root not writable
Make sure you're running the scan command only as the user the web server runs as
Aside from the specifics of this, which I should probably ask about on the owncloud forums, I am trying to understand the security benefits of forcing a script like this to be run as the apache user. As a server admin, I take security seriously, but the idea behind this strategy completely eludes me. I've never encountered it on a server before. Normally, one can run anything as root, no?
Can someone enlighten me?
Thanks