Re: /var/www/html group & owner (fwd)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Tue, 4 Mar 2008, lists-centos wrote:


for apache to be able to serve the files under the document root it
needs (and should only have) read access to the files (and
read/execute for the directories). the directories/files under the
document root should **not** be owned (or writeable) by the
user/group that the web server is running as. if they are, you have a
security hole should someone break through the webserver (or more
likely poorly written scripts).

so, a good approach is to have the directories/files under
owner/group other than apache (assuming your web server is running as
the apache user), with read-only access given to "world".
assume that i have a user and group named "weber". i'll use "weber" to upload (via ftp) directories/files to /var/www/html/ 

what should /var/www/html/ look like?
also, i have some php include files that i don't want anyone access except apache b/c they contain user/pw to mysql. where should i place them? 

i usually place them in /var/www/html/includes/
someone suggested i place them in /var/www/include/, but my question is what user/group /var/www/include/ belong to? 

thanks
t. hiep




 - Rick

------------ Original Message ------------

Date: Tuesday, March 04, 2008 12:18:56 PM -0800
From: Hiep Nguyen <hiep@xxxxxxxxxx>
To: centos@xxxxxxxxxx
Cc:
Subject:  /var/www/html group & owner

hi again,

[root@dev ~]# ls -all /var/www/
total 64
drwxr-xr-x  8 root      root 4096 Mar  3 11:44 .
drwxr-xr-x 21 root      root 4096 Mar  3 11:44 ..
drwxr-xr-x  2 root      root 4096 Jan 15 20:36 cgi-bin
drwxr-xr-x  3 root      root 4096 Mar  3 11:43 error
drwxr-xr-x  2 root      root 4096 Jan 15 20:36 html
drwxr-xr-x  3 root      root 4096 Mar  3 11:44 icons
drwxr-xr-x 14 root      root 4096 Mar  3 11:44 manual
drwxr-xr-x  2 webalizer root 4096 Mar  3 11:44 usage

currently, html is belonging to root group/owner and httpd is
running under apache user/group.

what should i change html to, so that httpd can run safely under
apache user/group???

or should i change httpd to run under a different user/group???

if i keep httpd running on apache user/group, should i change html
to apache group/owner???

thank you for all your help.
t. hiep


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


---------- End Original Message ----------



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux