> > In general, we have tried to stay away from unix tutorials in the apache > > docs. We need to document Apache, not the operating system. If we try > > to be all things to all people, we will wind up with crappy docs. > > > > Sorry, talking about security means always talking about the underlying > system. I agree with you, that the apache documentation is not the right > place to teach people using their system. But if we are talking about > securing the apache, we schould not only mention the minimum rights. Imho > we should also offer some help, to keep this settings. And umask is a big > help. We may add a sentence like 'For further information read the > corresponding man pages', or something else. > > I've often realized, that the problem isn't really reading the > documentation at a special topic, but more knowing, there is something, > which will help. Give the people a hint.
First describing WHAT you are doing and then describing how you are doing it (on one or more platforms) seems a good idea. This helps people 'porting' docs to other platforms as well. For instance: section 1: securing log files - we want to prevent other users then the server user and administrator from reading the logs section 1.1: Unix settings - change owner - change permissions - set umask section 1.2: Win32 settings - clear the log directory ACL - give write permissions to Administrators - give write acces to "creater-owner" On the other hand you might have sections that are equal for all platforms (like modules). Vincent de Lau [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
