At 11:30 PM 10/3/02 -0600, Chris Rose wrote:
>In my old system, I think Apache was configured to run as root, but I'm
>not sure.  Either way, though, all the files in my httpdocs directory
>are root:root owned, mostly chmod 666:-rw-rw-rw-
>
>In my Apache 2.0 httpd.conf it's set to user:group apache:apache.
>Should I chown all the files?

If they are "mostly" mode 666 (any cgi scripts are probably 777, since they 
need to be executable), it hardly matters who owns them, since anyone can 
read or write them.

The usual way to run Apache (reasonably) securely is:

         A. to run it as a very unprivileged user (a "nobody"-like account ... your "apache" is probably this)
         B. to have the files and directories it accesses owned by a different user (I usually create an account www-data for this purpose).
         C. to make the files mode 644 for data, 755 for executable scripts and directories


--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                   -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------
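
An added example, not part of the original message: a shell sketch that reports the mode 666/777 and ownership problems discussed above and then applies the 644/755 scheme from point C. The function names are hypothetical, and the document root and server account are passed in by the caller rather than taken from any real configuration.

```shell
#!/bin/sh
# Added example: audit and tighten a web document root.
# "apache" and "www-data" in the comments are the account names used in the
# message above; the script itself takes the names as arguments.

# Print every file or directory that any local user can modify (the "other"
# write bit is set), which is the mode 666/777 situation described above.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print everything owned by the account the server runs as. Point B says this
# list should be empty: the server user should not own what it serves.
list_owned_by() {
    find "$1" -user "$2" -print
}

# Apply point C: 755 for directories and for files that already carry the
# owner-execute bit (scripts), 644 for all other regular files.
tighten_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -perm -0100 -exec chmod 755 {} +
    find "$1" -type f ! -perm -0100 -exec chmod 644 {} +
}

# Changing ownership needs root, so it is left as a manual step, e.g.:
#   chown -R www-data "$DOCROOT"

# Usage: sh audit.sh DOCROOT SERVER_USER   (report only, changes nothing)
if [ "$#" -eq 2 ]; then
    list_world_writable "$1" | sed 's/^/world-writable: /'
    list_owned_by "$1" "$2" | sed 's/^/owned by server user: /'
fi
```

Run the report first and review it before calling `tighten_modes`, since a data file that was wrongly marked executable will keep its execute bit.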
