Whenever new modules or updates are downloaded by Drush, the file ownership and permissions are not changed leaving them owned by uid 6226 and readable by the world. Drupal's Admin Guide recommends securing file permissions and ownership so they are owned by the webmaster and readonly by Apache with the exception of the /files directory which needs to be readwrite by Apache. Unfortunately, the script provided there doesn't work on TKL Drupal because it doesn't follow symlinks and leaves the third-party modules unprotected. Hopefully, some future version of Drush will enforce ownership and permissions rules during installation. In the meantime, I'm working on a modified script that will recognize Drush's site-aliases and follow symlinks in a Debian/Ubuntu/TKL installation.
One question I have for the developers is about the advisibility of creating a separate account for the webmaster role. Currently all work on the Drupal appliance is done through the root account. Coming from a RedHat/CentOS background, I'm comfortable working in root and have only been badly burned a couple of times. It took me awhile to get used to working with Ubuntu, but I came to respect the way it handled security. Now I'm wondering if it wouldn't be a good idea to add a webmaster account and give it ownership of all the Drupal files. You've probably already had this debate, but I just had to ask.
Information is free, knowledge is acquired, but wisdom is earned.
Suggestions (cont)
9. Securing file permissions and ownership
Whenever new modules or updates are downloaded by Drush, the file ownership and permissions are not changed leaving them owned by uid 6226 and readable by the world. Drupal's Admin Guide recommends securing file permissions and ownership so they are owned by the webmaster and readonly by Apache with the exception of the /files directory which needs to be readwrite by Apache. Unfortunately, the script provided there doesn't work on TKL Drupal because it doesn't follow symlinks and leaves the third-party modules unprotected. Hopefully, some future version of Drush will enforce ownership and permissions rules during installation. In the meantime, I'm working on a modified script that will recognize Drush's site-aliases and follow symlinks in a Debian/Ubuntu/TKL installation.
One question I have for the developers is about the advisibility of creating a separate account for the webmaster role. Currently all work on the Drupal appliance is done through the root account. Coming from a RedHat/CentOS background, I'm comfortable working in root and have only been badly burned a couple of times. It took me awhile to get used to working with Ubuntu, but I came to respect the way it handled security. Now I'm wondering if it wouldn't be a good idea to add a webmaster account and give it ownership of all the Drupal files. You've probably already had this debate, but I just had to ask.
Information is free, knowledge is acquired, but wisdom is earned.