security issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi list,

i installed apache on centos 5 and i have some questions regarding security for apache. i read security tips on http://httpd.apache.org/docs/2.2/misc/security_tips.html and get the idea, but still need some advices from guru here.

/etc/httpd/conf/httpd.conf:

ServerRoot "/etc/httpd"

User apache
Group apache

DocumentRoot "/var/www/html"

as of now, /var/www/html/ belongs to root user & group.

but i have couple developers here that need to upload files to this folder that i don't want to give out the root password. what should i change /var/www/html/ folder to?

i also have a SSI folder (/var/www/html/includes) that i don't want any web user to have access to because these includes files contain user/password to mysql.

for example, at the beginning of /var/www/html/index.php, i have:
<?
include_once('/var/www/html/includes/global.php');
include_once('/var/www/html/includes/connect.php');
?>

i try to prevent web user doing this:
wget http://10.0.0.120/includes/global.php

but at the same time allow apache server to access files in /var/www/html/inclues/ folder.


any idea/suggestion.

thank you,
t. hiep

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux