Arthur Pemberton wrote:
> On 6/20/06, Knute Johnson <knute@xxxxxxxxxxx> wrote:
> > I'm setting up my HTTP server and I'm not sure who should own my html
> > files. These are not user files but the files I keep in my document
> > root, /var/www/html. Currently they are owned by root:root.
> >
> > What about cgi script files in /var/www/cgi-bin? I wouldn't think
> > you would want them owned by root?
>
> You don't want any of those files owned by root. Ideally, they should
> be owned by the user who will be editing them. Otherwise, you can let
> them be owned by apache (or whatever your httpd is running as).

You don't want them owned by apache unless you have a web app running
that needs to be able to write to them. It's a security issue otherwise,
since a compromised/broken web server could overwrite your HTML files.
They should be owned by whoever will be editing them, as Arthur said. If
nobody's going to be editing them, having them owned by root is fine.
Paul.
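
A way to check a document root against the concern raised in this thread, as an added example that is not part of any of the posts: it lists every path the web server account could overwrite. The function name `audit_docroot` is hypothetical, the account and group names are whatever your httpd runs as, and a `find` that supports `-user`, `-group` and `-perm` (GNU or BSD) is assumed.

```shell
#!/bin/sh
# Added example: audit_docroot is a hypothetical helper, not from the thread.
#
# audit_docroot DIR HTTPD_USER HTTPD_GROUP
#
# Prints, sorted, every path under DIR that the web server account could
# modify if the server were compromised or misbehaving:
#   - paths owned by HTTPD_USER (an owner can always chmod its own files,
#     so a read-only mode does not protect them),
#   - paths in HTTPD_GROUP that are group-writable,
#   - paths that are world-writable.
# Symlinks are skipped because their own mode bits are not meaningful.
# HTTPD_USER and HTTPD_GROUP may be names or numeric IDs.
audit_docroot() {
    dir=$1
    user=$2
    group=$3
    find "$dir" ! -type l \
        \( -user "$user" \
           -o \( -group "$group" -perm -020 \) \
           -o -perm -002 \) \
        -print | sort
}

# Stand-alone use, e.g.:  sh audit.sh /var/www apache apache
# No output means the httpd account cannot write to anything under DIR.
if [ "$#" -eq 3 ]; then
    audit_docroot "$@"
fi
```

A writable directory is reported as well as writable files, since write access to a directory lets the account replace the files inside it.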