Re: Simple web server with Apache: web page permissions ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Filipe Brandenburger wrote:

> On Tue, Sep 15, 2009 at 06:39, Ralph Angenendt
> <ralph.angenendt@xxxxxxxxx> wrote:
>> On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
>>> I remember having setup some web servers on Debian, and the
>>> tradition was that everything under /var/www/html (as in this
>>> example) was to be owned by user www-data and group www-data.
>>>
>>> What's the "tradition" with RHEL/CentOS?
>>
>> apache:apache - at least that is the UID/GID the webserver runs
>> under.
> 
> That's wrong. If your files are owned by Apache, any user that can
> break into your server through Apache will be able to change those
> files (i.e., deface your website).
Why wrong? Concerning webdav, how would you get write acces for users to
write to directories?

Now I am a little bit confused, is your answer under
http://www.linux-archive.org/centos/354005-webdav-centos.html also
wrong now? You recommended apache:apache for webdav there.

By the way, if someone breaks into your server through Apache,
apache:apache is your lowest problem, that's my opinion.


regards
Olaf

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux