On Jul 29, 2010, at 8:35 PM, James Godrej wrote: This I understand.
But then do other users not need read write permissions.
There is hardly any thing given on this page
http://httpd.apache.org/docs/trunk/misc/security_tips.html#serverroot
You mentioned ServerRoot not be chowned to Apache.
But if not then to what should it be and there is nothing about Document Root to be chowned ?
Who should own the Document Root there are many applications I download from internet in their README pages it says
to chown those directories to apache.
Otherwise it never worked.
What should I do in this situation?
If an application tells you you must chown it to Apache, then that's a clear indication that the authors of that application have no concern for security, and the application should be avoided.
|
