Re: Apache and web content permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> Am 02.12.2017 um 22:14 schrieb Nicolas Kovacs <info@xxxxxxxxxxxxx>:
> 
> Le 02/12/2017 à 10:30, Nicolas Kovacs a écrit :
> 
> ==> Reminder: this is actually the question I'm asking in my post.

Oh, we all read (only) what we want :-)


> So I'm finally coming to my question. How problematic is it really to
>> have the apache user and group owning the stuff under /var/www?

"problematic" should be defined by yourself (probability * impact = risk).

to answer lets use a comparison: the root user can write to all /bin/ files.
Executing them will not change the binaries (in a perfect world). What happens 
when something tries to use this fact (write perm) to do malicious things?
Therefore its good practice to work as "non-root" user. So, when the 
httpd user (web daemon) has full write permissions, what happens when
something tries to use this fact (write perm) to do malicious things? 
Anybody that have an eye on the httpd logs knowns that the web is not 
a perfect world. 

Not an direct answer because there is not an absolut one but I hope that
I could express my point of view ...  

--
LF






_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux