In a message dated 6/27/00 4:23:13 PM Eastern Daylight Time,
[EMAIL PROTECTED] writes:
> [EMAIL PROTECTED] wrote:
> >
> > We have a problem with access to /home/httpd/html.
> > Since apache runs as user nobody, I thought adding the group
> > nobody to user "joeuser" would work.
>
> I think a better solution would be to add a new group 'html'
> (or the like) and make joeuser a member but nobody not. Then
> chgrp the appropriate directory trees to html, and chmod them
> to g+w.
At the moment, /home/httpd, & everything below it, has owner=root,
& group=root. I take it that httpd, as nobody, is accessing as "others".
Would there be any advantage to changing user to html
(make a user html, & su to it to change anything),
change group to nobody (with read only privileges), & give "others"
no access at all. I'm a believer that there may not be any such
thing as "too paranoid", but if there is no additional security
advantage, why bother.
>
> When you say 'dropping files in,' do you mean with FTP or
> through the Web server itself? The latter is more dangerous,
> which is why I recommend this second group issue. The Web server
> usually shouldn't have write access to the documents.
At the moment, we are using a graphical file manager to drag & drop.
Either gnome or KDE file managers, or
Samba, & dropping from a M$ machine.
> --
> #ken P-)}
>
Thanks for all the good advice,
Bob Sparks
Linux guru wannabe
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
