Re: File Permissions

On Tue, 2007-02-20 at 07:11 -0500, Jim Cornette wrote:
> Why would you not want apache to own the files? I have a server that
> is in a sandbox which works fine when files are owned by apache. The 
> permissions are set to 644.

Sure, it'll read them fine, like that.  But if there happens to be an
exploit in the server, or a script that is accessed through the server,
then it can re-write the files (potentially, maliciously).  If they're
owned by something else, it can't do so.

> Doesn't apache serve the files but the viewer of the file is
> requesting the files with different permissions?

We have three basic permission groups:  Owner, a group, and other.  As
far as HTTP serving is concerned, it's "other" people accessing the
files.  Those permissions apply to them, they should only get read
access.

Of course this means some work is involved in writing new files to the
webserver.  One can make the HTML directory owned by the author, if you
trust them not to make mistakes.  You can create user-owned
sub-directories in it.  You can create files in your homespace, and
serve them from there, or copy them to the HTML directory.  Probably a
sensible solution is to make a new webauthors group, and let them own
the HTML directory with rwx permissions.

-- 
(This PC runs FC4, my others FC5 & FC6, in case that's important
 to the thread)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
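
The following audit sketch is an added example, not part of the original message. It walks a document root and lists every entry that a given server account could modify, using the same owner/group/other rules described above. The function names, the constructed temporary docroot, and the use of `uid + 1` as a stand-in for the server's uid are assumptions for illustration.

```python
import os
import stat
import tempfile


def server_writable(root, server_uid, server_gids=()):
    """List (path, permission_class) for entries under root that a process
    running as server_uid/server_gids could modify. Assumes a non-root server."""
    gids = set(server_gids)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A writable directory matters too: its files can be replaced or removed.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not used for access checks
            # The kernel applies exactly one class: owner, else group, else other.
            if st.st_uid == server_uid:
                cls, bit = "owner", stat.S_IWUSR
            elif st.st_gid in gids:
                cls, bit = "group", stat.S_IWGRP
            else:
                cls, bit = "other", stat.S_IWOTH
            if st.st_mode & bit:
                findings.append((path, cls))
            elif cls == "owner":
                # No write bit, but an owner can chmod it back on.
                findings.append((path, "owner-can-chmod"))
    return findings


def demo():
    """Constructed docroot: one 0644 page, one world-writable 0666 page."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    for name, mode in (("index.html", 0o644), ("shared.html", 0o666)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<html></html>\n")
        os.chmod(path, mode)
    me = os.getuid()
    # Case 1: the server account owns the tree (the quoted setup).
    # Case 2: someone else owns it; me + 1 stands in for the server's uid.
    return server_writable(root, me), server_writable(root, me + 1)


if __name__ == "__main__":
    for label, found in zip(("server owns files", "other owner"), demo()):
        print(label, [(os.path.basename(p), c) for p, c in found])
```

On a real host, pass the web server account's uid and group ids (for example from `pwd.getpwnam`) and the actual document root; an empty result means the server process has read-only access to the tree.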
