Re: installiing joomla

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Allegedly, on or about 14 September 2013, Roger sent:
> There is some belief that /var/www/html is sacrosanct.

More to the point is that you don't let a world-accessible server have
write access to files, willy-nilly.  Likewise if it's not actually
"world" accessible, but still widely accessible within a LAN.  If it's
possible for Apache to write to the webspace, because it's foolishly
owned by the apache user, your system is just ripe for being exploited.

> It does not matter which directory you use you still have to have user
> ownership and suitable permsissions in some form.

Yes, and "suitable" permissions are not allowing the server software to
own the files.  Never having experienced the problem doesn't mean that
it's not there, or that you're not vulnerable.  It's a very bad habit to
form, and hard to break once people start forming bad habits.  The fact
that some website may advocate doing dumb things, doesn't make them good
advice.  The internet is full of silly things, with the blind leading
the blind down the garden path, and over the edge of the cliff.

> - Setting up Joolma, Drupal or the like cannot be done unless one is
> root.
> - One has to be root not sudo root.

Nothing particularly unusual there, it's damn sensible that to "set up"
software, one has to have such privileges.  Not a good idea if they have
to maintain such high privileges to "use" the software once installed.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux