[users@httpd] creating and serving temporary files with apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Dear People,

I'm fairly new to apache administraction, so I apologise in advance if this an obvious question.

I am running Apache on Debian Sarge. It is running some CGI scripts, which allow a web client (browser) to upload data, process it, and then return the process results to the client in the form of clickable links which correspond to the results.

Let us assume for the purpose of this question that I have a CGI script along with other web pages, located in /var/www/data, which needs to write temporary files for the purpose described above.

My question is as follows. What is a good place to locate these files, and what permissions should be set on these files?

It seems to be clear that allowing apache's user (namely www-data) write permission to /var/www/data is a bad idea, because it would allow an attacker who obtained the permissions of www-data free access to the web pages there.

However, it is less clear where these files should be put.

First I was thinking of putting them in /tmp, but I am not sure it is a good idea for apache to be serving files from /tmp. Also, we require these files to be preserved over quite long periods of time, and /tmp is cleared on every reboot.

I'm now toying with the idea of putting them in say /var/www/data/tmp, where tmp would be owned by www-data (both user and group www-data), and nobody else would have write access. Actually, disabling read access might be a good idea as well.

What do people think of that? Any other suggestions/opinions?

Thanks in advance. Please cc me on any reply.

                                                                   Faheem.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux