Re: security issue

Hi,

Karel Kubat wrote:
> Hi Hiep,
> 
> On Dec 12, 2007, at 3:13 PM, Hiep Nguyen wrote:
> 
>> I installed apache on centos 5 and I have some questions regarding
>> security for apache.  I read security tips on
>> http://httpd.apache.org/docs/2.2/misc/security_tips.html and get the
>> idea, but still need some advice from the gurus here.
> 
>> /etc/httpd/conf/httpd.conf:
>> ServerRoot "/etc/httpd"
>> User apache
>> Group apache
>> DocumentRoot "/var/www/html"
> 
>> as of now, /var/www/html/ belongs to root user & group.
> 
> Make this apache:apache, it fits better with the User/Group specifiers
> above.

That's got to be a seriously bad move.  Doing that will allow the user
that the web server is running as write access to the document root.
Someone posted earlier on the list about creating a group, etc. which
would seem a much better way of handling things.


>> but I have a couple of developers here that need to upload files to this
>> folder, and I don't want to give out the root password.  what should I
>> change /var/www/html/ folder to?
> 
> Use apache:apache if you think that all developers are trustworthy ;-)
> Definitely not root:root. When you make the ownership change, verify
> that apache:apache may indeed read /var/www/html/.

See above.  How are you suggesting the developers upload files?  By
adding them to the apache group?  Please see a previous post for a much
better solution.


HTH,


				Neil.

-- 
Neil Hillard                    neil.hillard@xxxxxxxxxxxxxxxxxx
AgustaWestland                  http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
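
An added example, not part of the thread or of the Apache documentation: a shell function that lists every path under the DocumentRoot that the server account could modify, which is the condition objected to in the reply above. It assumes GNU find (as shipped with CentOS); the function name is hypothetical, and the defaults are the User, Group and DocumentRoot values quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU find (-printf).
# Lists every path under a document root that the web server account could
# modify, with the reason. Paths containing tabs or newlines are not handled.

writable_by_server() {
    root=${1:-/var/www/html}   # DocumentRoot from the quoted httpd.conf
    srv_user=${2:-apache}      # "User apache"
    srv_group=${3:-apache}     # "Group apache"

    # Symlinks are skipped: their mode is always 777 and says nothing useful.
    find "$root" ! -type l -printf '%u\t%g\t%m\t%p\n' |
    awk -F'\t' -v u="$srv_user" -v g="$srv_group" '
        function wbit(d) { return int(d / 2) % 2 }   # write bit of one octal digit
        {
            mode = sprintf("%04d", $3)               # e.g. 644 -> 0644, 2775 -> 2775
            if ($1 == u)
                reason = "owner"                     # an owner can always chmod, then write
            else if ($2 == g && wbit(substr(mode, 3, 1)))
                reason = "group-write"
            else if (wbit(substr(mode, 4, 1)))
                reason = "world-write"
            else
                next
            printf "%s\t%s\n", reason, $4
        }'
}

# Run directly: sh audit.sh [docroot] [user] [group]
if [ "$#" -gt 0 ]; then
    writable_by_server "$@"
fi
```

Empty output means the server account has no way to alter the content it serves; each line printed is a path whose ownership or mode gives it one.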

