On Fri, 09.07.2004 at 19:19, Jack Bowling wrote:

> Yes, this is heinous thread hijacking but it's at least tangentially related
> to the former subject. What are the thoughts on permissions, including ownership, for files and
> directories residing on a webserver? Should they all be apache, i.e., the same owner as the running
> process? Or would that just make it easier for the perp to change files if they managed to usurp the
> running process? Maybe a totally different unprivileged user?

Speaking about the main server with DocumentRoot /var/www/html, it is OK to have files and directories owned root:root, files chmod 644 and dirs chmod 755. For some applications like phpMyAdmin or Horde/IMP I am using chown root:apache.

> Myself, I make all my web files owned by nobody and the running process
> owned by apache. All static files have 0400 permissions. Directories must
> have 0755.

That can't work. If the files are owned by nobody and only readable by nobody, then user apache can't read the files for web serving. Directories don't have to have 0755. If owner and group are different from the user under which the Apache daemon is running, then for other/world +x is enough. As an example, if you have a UserDir configuration running, then the homes of the users have to be chmod 0711 so that apache can access the files under ~/public_html.

> Jack Bowling

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435.2.3
Serendipity 21:41:47 up 2 days, 3:50, load average: 0.16, 0.46, 0.48
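The ownership and mode combinations discussed in the message above can be checked mechanically; this is an added example, not code from either poster. It applies the classic Unix owner/group/other check for a non-root server user and reports entries the server cannot serve or is able to modify. The uid/gid numbers, the 0640 mode for the root:apache case and the function names are constructed, and ACLs and SELinux are ignored.

```python
import os
import stat

R, W, X = 4, 2, 1

def effective_bits(mode, f_uid, f_gid, p_uid, p_gids):
    """rwx bits the kernel applies to a non-root process: the first
    matching class (owner, then group, then other) decides alone."""
    if p_uid == f_uid:
        return (mode >> 6) & 7
    if f_gid in p_gids:
        return (mode >> 3) & 7
    return mode & 7

def audit(mode, f_uid, f_gid, is_dir, p_uid, p_gids):
    """Findings for one file or directory as seen by the server user."""
    bits = effective_bits(mode, f_uid, f_gid, p_uid, p_gids)
    findings = []
    # Serving a known path needs r on the file and x on each directory.
    if not bits & (X if is_dir else R):
        findings.append("not servable")
    # Write access lets a taken-over server process change the content.
    if bits & W:
        findings.append("writable by server")
    return findings

def scan(root, p_uid, p_gids):
    """Walk a real tree; return {path: findings} for flagged entries."""
    flagged = {}
    for dirpath, _, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not used for access checks
            found = audit(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                          stat.S_ISDIR(st.st_mode), p_uid, p_gids)
            if found:
                flagged[path] = found
    return flagged

if __name__ == "__main__":
    APACHE, NOBODY, USER = 48, 99, 500  # constructed uid/gid values
    cases = [("root:root 0644 file", 0o644, 0, 0, False),
             ("root:root 0755 dir", 0o755, 0, 0, True),
             ("root:apache 0640 file", 0o640, 0, APACHE, False),
             ("nobody:nobody 0400 file", 0o400, NOBODY, NOBODY, False),
             ("apache:apache 0644 file", 0o644, APACHE, APACHE, False),
             ("user home 0711 dir", 0o711, USER, USER, True)]
    for label, mode, uid, gid, is_dir in cases:
        print(label, "->", audit(mode, uid, gid, is_dir, APACHE, {APACHE}) or "ok")
```

To audit a live tree, call `scan("/var/www/html", uid, gids)` with the uid and group ids of the account the daemon runs as.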