Re: apache docroot permissions




On 05/04/2011 02:49 PM, Johan Martinez wrote:
> 
> 
> On Wed, May 4, 2011 at 12:58 PM, Kenneth Porter <shiva@xxxxxxxxxxxxxxx
> <mailto:shiva@xxxxxxxxxxxxxxx>> wrote:
> 
>     User apache only needs read access except under special conditions, such as
>     a script that needs to store configuration in a file. And a lot of apps
>     store their state in a DB so they don't need filesystem write access at
>     all.
> 
>     Set the permissions as strict as possible, so that if an attacker finds a
>     bug in apache, he does as little damage as possible.
>     _______________________________________________
>     CentOS mailing list
>     CentOS@xxxxxxxxxx <mailto:CentOS@xxxxxxxxxx>
>     http://lists.centos.org/mailman/listinfo/centos
> 
> 
> 
> Thanks for the suggestions Richard and Kenneth. I installed Drupal here
> and it requires the user running apache to have write access on the filesystem.
> Otherwise it complains: 'The directory sites/default/files is not
> writable'. The content editors/developers need write access to
> theme/pictures folders. So it seems like I can't avoid giving write
> access to the apache user. Any hacks or tips here?

You may not need it in this case, but you can set up your mount using
ACLs, then use setfacl to assign more than just one group or user to
have permissions on a directory.  You can keep that in mind if httpd
gets upset about having a different group than apache.

http://computernetworkingnotes.com/rhce_certification/acl.htm

Attachment: signature.asc
Description: OpenPGP digital signature
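
The setfacl approach from this thread, as an added example that is not part of the original messages: apache stays read-only across the docroot and gets write access only under sites/default/files, while a separate editors group gets write access to the theme and upload directories. The docroot /var/www/html, the group name webedit and the sites/all/themes path are assumptions; the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/bash
# Added example: least-privilege ACLs for a Drupal docroot.
# Assumptions (not from the thread): docroot path, the "webedit" group,
# and sites/all/themes as the theme directory.
# The filesystem must be mounted with ACL support, as the reply notes.
DOCROOT="${DOCROOT:-/var/www/html}"
WEB_USER="${WEB_USER:-apache}"
EDIT_GROUP="${EDIT_GROUP:-webedit}"

# Print the command in dry-run mode (the default), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_docroot_acls() {
    root="$1"
    files="$root/sites/default/files"
    themes="$root/sites/all/themes"

    # apache: read and traverse only, everywhere (X = execute on directories
    # and on files that are already executable, never on plain files).
    run setfacl -R -m "u:${WEB_USER}:rX" "$root"

    # apache: write access limited to the upload directory Drupal asks for.
    run setfacl -R -m "u:${WEB_USER}:rwX" "$files"
    # Default ACL so files and directories created later inherit the entry.
    run setfacl -R -d -m "u:${WEB_USER}:rwX" "$files"

    # Editors: write access to themes and uploads, without sharing
    # apache's account or changing the owning group of the tree.
    run setfacl -R -m "g:${EDIT_GROUP}:rwX" "$themes" "$files"
    run setfacl -R -d -m "g:${EDIT_GROUP}:rwX" "$themes" "$files"
}

apply_docroot_acls "$DOCROOT"
```

After a real run, `getfacl -R "$DOCROOT/sites/default/files"` shows the resulting entries, and the owner and mode bits of the rest of the tree are left as they were.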
