Hi,

Karel Kubat wrote:
> Hi Hiep,
>
> On Dec 12, 2007, at 3:13 PM, Hiep Nguyen wrote:
>
>> i installed apache on centos 5 and i have some questions regarding
>> security for apache. i read security tips on
>> http://httpd.apache.org/docs/2.2/misc/security_tips.html and get the
>> idea, but still need some advices from guru here.
>
>> /etc/httpd/conf/httpd.conf:
>> ServerRoot "/etc/httpd"
>> User apache
>> Group apache
>> DocumentRoot "/var/www/html"
>
>> as of now, /var/www/html/ belongs to root user & group.
>
> Make this apache:apache, it fits better with the User/Group specifiers
> above.

That's got to be a seriously bad move. Doing that will allow the user
that the web server is running as write access to the document root.

Someone posted earlier on the list about creating a group, etc. which
would seem a much better way of handling things.

>> but i have couple developers here that need to upload files to this
>> folder that i don't want to give out the root password. what should i
>> change /var/www/html/ folder to?
>
> Use apache:apache if you think that all developers are trustworthy ;-)
> Definitely not root:root. When you make the ownership change, verify
> that apache:apache may indeed read /var/www/html/.

See above. How are you suggesting the developers upload files? By
adding them to the apache group? Please see a previous post for a much
better solution.

HTH,

Neil.

--
Neil Hillard neil.hillard@xxxxxxxxxxxxxxxxxx
AgustaWestland http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
views of Westland Helicopters Ltd.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
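The concern raised in the reply above is that a document root owned by the web server's own user is writable by that user. The script below is an added example, not part of the thread: it lists every path under a document root that a given uid and set of gids can write according to the permission bits, so an ownership scheme can be checked before and after a change. The function names `writable_by` and `audit_docroot` are hypothetical, and ACLs are not considered.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread).
# Lists paths under a document root that a given identity can write,
# judged by the classic owner/group/other permission bits only.

# writable_by DIR UID [GID...]
#   Prints each path under DIR that is
#     - owned by UID and owner-writable, or
#     - owned by one of the GIDs and group-writable, or
#     - world-writable.
#   UID and GIDs are numeric, so the identity need not exist locally.
writable_by() {
    wb_dir=$1
    wb_uid=$2
    shift 2
    wb_expr="-user $wb_uid -perm -200 -o -perm -002"
    for wb_gid in "$@"; do
        wb_expr="$wb_expr -o -group $wb_gid -perm -020"
    done
    # Mode bits on symlinks are meaningless, so skip them.
    # $wb_expr is left unquoted on purpose: it holds only numeric ids
    # and find operators and must be split into words.
    find "$wb_dir" ! -type l \( $wb_expr \) -print
}

# audit_docroot DIR USER
#   Resolves USER (for example "apache") to its uid and all of its gids,
#   prints what that account can write under DIR, and returns
#   0 if nothing is writable, 1 if something is, 2 if USER is unknown.
audit_docroot() {
    ad_uid=$(id -u "$2") || return 2
    ad_gids=$(id -G "$2") || return 2
    # Unquoted on purpose: one argument per gid.
    ad_found=$(writable_by "$1" "$ad_uid" $ad_gids)
    [ -z "$ad_found" ] && return 0
    printf '%s\n' "$ad_found"
    return 1
}
```

With the httpd.conf quoted in the thread, `audit_docroot /var/www/html apache` prints nothing for a root-owned tree without world-writable entries, and prints the whole tree once it is owned by apache:apache.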