Re: Re: Running webserver as apache?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Re: Running webserver as apache?
From: "j k" <jonnykent@xxxxxxxxx>
Date: Fri, 11 Apr 2008 11:14:56 -0700
In-reply-to: <93628F19B825E546B2D04390152ECE6301D39D5D@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

On Fri, Apr 11, 2008 at 7:27 AM, <christian.folini@xxxxxxx> wrote:

Hi Mandy,

> I need to know if its a good idea to run webserver as

> user 'apache', have all files in webroot owned by user

> apache and perms 644?

It's not exactly a good idea, but if you are in a situation

where the advantage outweighs the problems, then go ahead.

> Would this still mean that if server runs as apache

> and it has read/write access, someone could take

> advantage of loop holes on the site and overwrite

> some files on our site?

Simply speaking yes.

You may also want to look into the mod_suexec.

regs,

Christian Folini

Hi Christian,

could you point us to any discussion on this topic. I'm interested to know the pros and cons.

Thanks
Jonny

References:
- Running webserver as apache?
  - From: Mandy Singh
- Re: Running webserver as apache?
  - From: Mandy Singh
- AW: Re: Running webserver as apache?
  - From: christian.folini

Prev by Date: is ssl configured?
Next by Date: Re: is ssl configured?
Previous by thread: AW: Re: Running webserver as apache?
Next by thread: configure logs to track source of outgoing requests
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux