On Sat, 2006-08-05 at 13:55 +0800, Deepak Shrestha wrote: > Hi, > > is it ok to give full permission to regular users in "/var/www/html" > directory? or is this the way how it should be? > > I am new to managing the apache server. Currently I am learning the > PHP which requires that I should be able to write in "/var/www/html" > directory to check my code and modify it. Right now I have given full > permission to all users in this directory so that I can have full > control over it. > > My question is about security...what if this server is serving online? > Is it secure to do this? > I have tried apache's online documentation too but it doesn't say > anything about this stuff (more on server configurations and others). You might consider checking out the UserDir directive in the httpd.conf file (disabled by default), which would enable your users to host pages (including PHP) in their ~/public_html directory and access them via http://server.name/~username/ That would avoid the need to open up /var/www/html. Paul.