Ric Moore schrieb:
On Sat, 2006-08-05 at 11:01 +0100, Paul Howarth wrote:
You might consider checking out the UserDir directive in the httpd.conf
file (disabled by default), which would enable your users to host pages
(including PHP) in their ~/public_html directory and access them via
http://server.name/~username/
That would avoid the need to open up /var/www/html.
Confused, what about ownership?? I thought it had to be apache:apache
according to the docs? Just getting mine up as well and I really need to
know. I have no users on my machine, just html to the web. Ric
Imagine there is somewhere a security issue with Apache, PHP, Perl or a
web application: if /var/www/html (and maybe even below) would be owned
apache:apache an attacker could easily deface or in other way manipulate
the web content. That is not good.
Generally the user as which Apache (httpd) runs does not have needs to
be able to write/delete webcontent. In limited cases there must be
specific space for Apache to store data. Then such specific directories
need apache ownership / groupownership.
Alexander
