On Sun, 2002-05-05 at 00:35, Rich Cloutier wrote: > > I don't know what you were running, but PHPNuke just plugged a large > security hole because of this. > > Oh, and BTW, even apache doesn't have permission to write to most of my site > :)
This is a good point. I run my webserver as www-data, but almost all of my files are owned by root/me/my wife, and chmod 744 (a lot of my stuff is actually 444). That way, the webserver can serve them, but can't modify them in any way. The only exceptions to this are a few files that www-data has to write to, like a counter data file and things like that. I can't think of any good reason that apache would need to modify any files. C-Ya, Kenny ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
