Re: Permissions for LAMP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sat, Jan 25, 2014 at 7:33 AM, Joseph Hesse <joehesse@xxxxxxxxx> wrote:

> I am running a Lamp server on a CentOS 6.5 box. It works fine, I am
> concerned that I may have the wrong file/dir permissions.
>
> The directories /var and /var/www are root:root and 755.
>
> For /var/www/html and all directories underneath I have apache:apache
> and 770.
>
> For all files under /var/www/html I have apache:apache and 660.
>
> Are these these permissions OK?
>
> Thank you,
> Joe
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

the problem with your /var/www/html permissions is the user/group "apache"
can write to directories and files. which can be used by anyone on the
internet(bad guys) to use potentially exploitable dynamic
pages(.php/.cgi/etc) to add/modify files on your server. this is a bad
thing. SELinux may offer some protections.
i would:
  chmod -R g-w /var/www/html
  chown -R somewebuser /var/www/html
(replace somewebuser with the unix user account to modify the website.)

  http://wiki.apache.org/httpd/FileSystemPermissions
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux