Re: Who should own html files?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-06-19 at 23:06 -0700, Knute Johnson wrote:
> I'm setting up my HTTP server and I'm not sure who should own my html 
> files.  These are not user files but the files I keep in my document 
> root, /var/www/html.  Currently they are owned by root:root.
> 
Html files -- Does not matter who owns them, only who can read them.
The server must be able to read them for the client.

> What about cgi script files in /var/www/cgi-bin?  I wouldn't think 
> you would want them owned by root?
> 
Same as above,  As long as they are not suid they can only do as much
damage as the user _running_ the script/program (usually the user
running the web server).  If the script/program is suid then it can do
as much damage as its _owner_ could do, whoever that may be.  Ownership
is not nearly as intrusive and dangerous as suid would be. 

> Thanks,
> 
> -- 
> Knute Johnson
> Molon Labe...
> 
> 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux