On 8/5/06, Deepak Shrestha <d88pak@xxxxxxxxx> wrote:
Hi, is it ok to give full permission to regular users in "/var/www/html" directory? or is this the way how it should be? I am new to managing the apache server. Currently I am learning the PHP which requires that I should be able to write in "/var/www/html" directory to check my code and modify it. Right now I have given full permission to all users in this directory so that I can have full control over it. My question is about security...what if this server is serving online? Is it secure to do this? I have tried apache's online documentation too but it doesn't say anything about this stuff (more on server configurations and others). Thanks --
hey, You should not give full permissions to the users on /var/www/html directory but you should give whatever rights to the users on the directory which you have created under /var/www/html for example testing By default permissions on html directory is below that means all the users have the read and execute permission on the html directory drwxr-xr-x 24 root root 4096 Jul 31 18:06 html Now if you want to give the users permissions on testing directory under /var/www/html directory then whatever permissions are necessary for your software you give like read for all but write only for the owner drwxr--r-- or read & execute for all the users drwxr-xr-x change the group of the directory to apache so that there should not be any problem in executing the software through web. Regards Ankush Grover