Rick Stevens wrote:
>
> Both trees (the ServerRoot and all of the DocumentRoots) have to be
> readable by the user that Apache runs as. Absolutely NO part of the
> ServerRoot should be _writable_ by the Apache user. It should only be
> writable by administrative personnel (root, people in the "wheel"
> group, etc.).

Rick,

Thank you for the clear and informative post. I just have one small
correction to make. Apache reads its configuration files as root before
switching to the unprivileged user and group that it will answer
requests as.

This can be used to increase security by allowing passwords or other
private information to be set as Apache environment variables in files
that are only readable by root¹. Applications can then access the
private information (e.g. via the $_SERVER array in PHP) without
containing its actual value. Access to the environment variables can be
controlled by Apache directives (e.g. SetEnvIf) and/or using virtual
hosts.

¹ http://www.brianhare.com/wordpress/2011/02/18/hiding-mysql-passwords-in-php-using-apache-environment-variables/

Regards,

Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
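
An added example, not part of the original message or of the Apache project: a shell check that a file holding SetEnv secrets is readable only by its owner and sits in a directory others cannot write to, matching the arrangement described in the thread. The function name check_secret_conf, its optional owner-uid argument (default 0, root) and the reliance on GNU stat are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a file that holds Apache SetEnv secrets.
# Usage: check_secret_conf FILE [OWNER_UID]   (OWNER_UID defaults to 0, root)
check_secret_conf() {
    file=$1
    want_uid=${2:-0}
    rc=0

    # A symlink could point somewhere the Apache user controls; reject it.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file" >&2
        return 2
    fi

    # GNU stat: %u is the owner's uid, %a the permission bits in octal.
    uid=$(stat -c %u -- "$file")
    mode=$(stat -c %a -- "$file")
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $uid, expected $want_uid" >&2
        rc=1
    fi
    # Any group or other bit means someone besides the owner can get at it.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file has mode $mode, group/other bits must be clear" >&2
        rc=1
    fi

    # A directory writable by others lets them swap the file out.
    dir=$(dirname -- "$file")
    dmode=$(stat -c %a -- "$dir")
    if [ $(( 0$dmode & 002 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $dmode and is writable by others" >&2
        rc=1
    fi

    # The file should actually define at least one variable.
    if ! grep -Eq '^[[:space:]]*SetEnv[[:space:]]+[A-Za-z_]' "$file"; then
        echo "FAIL: $file contains no SetEnv directive" >&2
        rc=1
    fi
    return $rc
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_secret_conf "$@"
fi
```

The second argument exists only so the check can be tried without root; against a real server it is left at its default.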