slive 2002/09/19 10:45:09
Modified: htdocs/manual/howto auth.html
Log:
The webserver shouldn't be allowed write permissions to files unless
it REALLY needs it.
Submitted by: Hank Leininger <[EMAIL PROTECTED]>
PR: 12822
Revision Changes Path
1.6 +3 -2 httpd-docs-1.3/htdocs/manual/howto/auth.html
Index: auth.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/howto/auth.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -b -u -r1.5 -r1.6
--- auth.html 7 Jun 2002 01:38:01 -0000 1.5
+++ auth.html 19 Sep 2002 17:45:08 -0000 1.6
@@ -308,9 +308,10 @@
that the web server itself can read the file. For example, if
your server is configured to run as user <tt>nobody</tt> and
group <tt>nogroup</tt>, then you should set permissions on the
- file so that only that user can read the file:</p>
+ file so that only the webserver can read the file and only
+ root can write to it:</p>
<pre>
-chown nobody.nogroup /usr/local/apache/passwd/passwords
+chown root.nogroup /usr/local/apache/passwd/passwords
chmod 640 /usr/local/apache/passwd/passwords
</pre>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
