On Tue, 3 Aug 1999, Lamar Owen wrote:
LO> 3.) You may or may not want the HTTPD_RUN_USER to actually own the
LO> tables in question -- however, you will have to GRANT the perms desired.
As I mentioned previously, there's currently no way to prevent user httpd
(or whoever httpd is running as) from creating tables. This is not a
serious security risk, AFAIC, but a risk of running over file quotas.
LO> In the case of AOLserver, the connections from the aolserver process
LO> (nsd) are pooled and are made with the userid of 'aolserver'. For
LO> AOLserver, all files the nsd process (singular, since AOLserver is
LO> multithreaded) accesses are owned by 'aolserver' and chmod'd 600.
LO> AOLserver uses a tcl API -- those files (*.tcl and *.adp) are also
LO> chmod'd 600, as AOLserver does its own interpreting -- php may need
LO> execute permission; I don't know.
Well, I suppose web site files should NOT be owned by the httpd user, but
only readable (and, if needed, executable by it) via group -- so permissions
should be 640 or 750, respectively. This prevents the possibility of changing
web content from an erroneous CGI script, for example.
[All of above is just my $.02 :)]
Sincerely,
D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
------------------------------------------------------------------------
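
The ownership and 640/750 scheme discussed in this message can be checked mechanically. The script below is an added example, not part of the original message; the function names, finding labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a document root against the 640/750 scheme.
# audit_docroot, make_demo_tree and the finding labels are names made up here.

# audit_docroot DOCROOT HTTPD_USER  (user name or numeric uid)
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_docroot() {
    docroot=$1
    httpd_user=$2
    findings=$(
        # An owner can chmod its own files, so ownership defeats 640/750.
        find "$docroot" -user "$httpd_user" -print | sed 's/^/OWNED-BY-SERVER /'
        # The server is a group member: group write lets a CGI change content.
        find "$docroot" ! -type l -perm -020 -print | sed 's/^/GROUP-WRITABLE /'
        # 640 and 750 leave no permission bits for "other".
        find "$docroot" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -print | sed 's/^/OTHER-ACCESS /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: correct entries plus one deliberately bad file.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cgi-bin"
    : > "$d/index.html"
    : > "$d/cgi-bin/form.cgi"
    : > "$d/upload.tmp"
    chmod 750 "$d" "$d/cgi-bin" "$d/cgi-bin/form.cgi"
    chmod 640 "$d/index.html"
    chmod 666 "$d/upload.tmp"
    printf '%s\n' "$d"
}

# Demo: use a uid that owns nothing in the tree, so only mode findings appear.
demo=$(make_demo_tree)
audit_docroot "$demo" "$(( $(id -u) + 1 ))" || true
rm -rf "$demo"
```

Run it as a user that can read the whole tree, passing the real document root and the account the server runs as.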