On Thu, October 14, 2010 10:09, PENIN Guillaume (SNCF Voyages/Direction des Operations SI) wrote: > Hi, > > Many of our application teams ask us to mount the Apache DocumentRoot > FileSystem in Read-only mode for security reasons. In your opinion, does > this have any kind of interest ? Mounting read-only will prevent any change. If your files will never change, this is a good way to ensure the files aren't changed. If files need to be changed, the recommended behaviour is: - Files owned by user different than the user Apache runs as. This user can have full access to the files - Files group-owned by the group Apache runs as. The group should only have read-access (and execute-rights for directories) - Others don't need access - The user or group Apache runs as should only have write access in upload-directories Joost --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|