AW: Re: Running webserver as apache?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <users@xxxxxxxxxxxxxxxx>
Subject: AW: Re: Running webserver as apache?
From: <christian.folini@xxxxxxx>
Date: Fri, 11 Apr 2008 16:27:28 +0200
In-reply-to: <8ea40bd50804110705r7e8eabb9ra7abf73058dcc62e@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx
Thread-index: Acib3sjU2RRWrYoDRoq4BVR1n/TCOwAAL1lA
Thread-topic: Re: Running webserver as apache?

Hi Mandy,

> I need to know if its a good idea to run webserver as

> user 'apache', have all files in webroot owned by user

> apache and perms 644?

It's not exactly a good idea, but if you are in a situation

where the advantage outweighs the problems, then go ahead.

> Would this still mean that if server runs as apache

> and it has read/write access, someone could take

> advantage of loop holes on the site and overwrite

> some files on our site?

Simply speaking yes.

You may also want to look into the mod_suexec.

regs,

Christian Folini

Follow-Ups:
- Re: Re: Running webserver as apache?
  - From: j k

References:
- Running webserver as apache?
  - From: Mandy Singh
- Re: Running webserver as apache?
  - From: Mandy Singh

Prev by Date: Re: Running webserver as apache?
Next by Date: Re: .cgi as DirectoryIndex?
Previous by thread: Re: Running webserver as apache?
Next by thread: Re: Re: Running webserver as apache?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux