On 2/17/06, pine oil <oil.pine@xxxxxxxxx> wrote: > Hi, > > I installed apache unto a machine running under Fedroa Core 4. > I want to create a user as 'webroot' and designate it as the web > administrator. > > Therefore, I want to change the user and group in httpd.conf to webroot > from apache. Is it necessary in situations like mine? What would be the > consequences of this change, especially in terms of the accessibility of the > files to the outside world and its associated security issues (selinux is > very sensitive and picky). I'm not going to comment on selinux issues, but in general your idea is not a good one. The User/Group specified in httpd.conf should be one with as few priveleges as possible. For a simple website, this User/Group should have the permission to read the web files, and nothing else. If this "webroot" user is the one responsible for editting web files, you should certainly not use it for the User/Group in httpd.conf. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|