Re: cannot chang directory to www folder in vsftpd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2005-08-25 at 16:53 -0500, Jeff Vian wrote:
> The next thing you need is for the user to be able to write to
> the /var/www/html directory.
> 
> To accomplish that I make the applicable users members of the apache
> group,  set their umask accordingly (the files created/modified need to
> be group writable so I use 002 for the umask.), and last set
> the /var/www/html directory and contents as group writeable "chmod -R 
> g+w /var/www/html".
> 
> While there are other ways to achieve the same thing this works for me
> and does not change security in any way except to make the /var/www/html
> directory to be group writable by the apache group.  Since the server is
> already able to write to that directory tree as the owner (apache) it
> seems to me to not make a big difference.

Since when? /var/www/html is owned by root by default:

# rpm -qlv httpd | grep /var/www/html
drwxr-xr-x    2 root    root                0 Jul 26 11:14 /var/www/html

Making it writable by the web server is a bad thing as far as security
goes. Having a group able to write to this directory is a reasonable
suggestion, but that group should be a custom one you create for this
purpose (e.g. "groupadd webdev"), not apache.

> If you are running selinux it likely has other ramifications that are
> not addressed above.

Indeed; SELinux will require that the appropriate context is set for
files that need to be accessed via httpd. See "man httpd_selinux".

Paul.
-- 
Paul Howarth <paul@xxxxxxxxxxxx>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux