On Tue, Nov 17, 2009 at 10:10:44PM -0800, Keith Lofstrom wrote:
> But in the interim (without sharing my httpd.conf stuff with all
> and sundry) are there other ways (besides incorrectly configured
> wikis) that apache can rewrite static content that incompetents
> like myself should be aware of?
Any web executable with a security hole can write wherever apache
has the rights.
> Are there any issues with setting static content to root ownership
> ( or perhaps to user "foo" ownership ), read only, as long as
> apache can still read it?
A more secure system.
You could set static content to be owned by keithl or any-uid-not-apache
with the same effect. On my system I prefer to use michael. Vanity...
--
Michael Rasmussen, Portland Oregon
Be appropriate && Follow your curiosity
http://www.jamhome.us/
The fortune cookie says:
Q: How many Martians does it take to screw in a light bulb?
A: One and a half.
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
