emma's questions

I have a small website running on a VPS. I'm using Nginx as a web server (a simple LEMP configuration). But now i have a problem: i have a small php script that needs to be able to write a log every once in a while...and for that to work i've given owner permissions to www-data over /var/www/html/ after i ren chmod -R 755 /var/www/html as root. But once i gave owner permissions to www-data user over /var/www/html/ and i was, obviously, able to run that php script which has to write some logs i started to ask myself: isn't this going to be a HUGE security issue?

So, is making www-data the owner of /var/www/html/ a security issue?

If yes, can you tell me why and what's to be done about it?

Thank you!

I have a small PHP MVC framework which runs on a droplet that uses Ubuntu and I'm trying to make all the URLs 'friendly'. From:

index.php?u=controller/method/param

To:

controller/method/param

For that I'm using a .htaccess file containing this code:

Options -MultiViews
RewriteEngine on

RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?u=$1 [L,QSA]

With this I can make the URL friendly, but the unfriendly URL is still there. Therefore I can access the same content both ways:

index.php?u=controller/method/param

That is the same as:

controller/method/param

How do I force the URL to always be friendly? No more index.php?u=?

I have to schedule a few tasks to run only once in the near future. For that i'm intending to use the at command. I want to schedule those tasks using exec()(or any other recommended method).

But i'm stuck. Trough putty i can manually schedule tasks this way:

user@ubuntu:~# at 09:00am Jul 15 [enter]
at> php /path/to/script.php [ctrl+d]

But i can't figure out a way to do it trough php. Help:-s

I have a small bot currently written in php but i can switch to py if need be.

It basically gathers data from an api about tasks that need to be ran only once in order to be updated the next day at certain unique times

Each day at UTC+0 00:00 i use a cron job to gather that data from the api.

For example a task might need to run at UTC+0 09:00 another one at UTC+0 10:15 and another one at UTC+0 11:30. The next day there are new tasks that need to run at different times.

Now since those tasks are only available for that day i don't think that setting a cron job for each of them at the desired time is a solution and then delete the cron job.

Therefore, how do i run a script just when the task needs to be updated?

For now i'm running a cron job each minute and if there is a task within a minute range i'm running another script that updates that task but that seems messy to me and i'm wondering if i could do something about it.

P.S: I'm using a droplet from digitalocean that runs on Ubuntu 19.04 - disco