Re: Apache 2.2.15 says You do not have permission to view [this file]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 29/07/2010 8:35 PM, James Godrej wrote:

This I understand.
But then do other users  not need read write permissions.
There is hardly any thing given on this page
http://httpd.apache.org/docs/trunk/misc/security_tips.html#serverroot
You mentioned ServerRoot not be chowned to Apache.
But if not then to what should it be and there is nothing about Document Root to
be chowned ?
Who should own the Document Root there are many applications I download from
internet in their README pages it says

to chown those directories to apache.
Otherwise it never worked.
What should I do in this situation?




________________________________
From: Eric Covener<covener@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Thu, 29 July, 2010 10:45:53 PM
Subject: Re:  Apache 2.2.15 says You do not have permission to
view [this file]


Oh man an experienced sys admin told me to do it that way.
Please tell me what is wrong in this and where is this documented on Apache
docs.
I want to read.


This is a general principle -- don't grant more access than necessary.
Apache doesn't need to own files to be able to serve (read) them.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See<URL:http://httpd.apache.org/userslist.html>  for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
Discard the installation instruction for that software, as it's rubbish. See man chmod instead.
Alternately, you can chgrp that resource to the group apache httpd runs as, and grant g+w on that resource.
As a general rule, never allow any application to write in the DocumentRoot path, unless it's done during the installation. Always take the write permissions away afterwards. If you must grant write access, do it outside the DocumentRoot path. 

Is that succinct enough?

Frank

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux