On 07-08-17 14:25 -0400, Anthony Wlodarski wrote: > Let us talk about theoretical here. If the owner of the web root folder is > "root" (/var/www/html), should it be changed to the Apache group that is > created normally. I did a few checks in the /etc/group file and the apache > group does exist as well my account on the box is part of that group, should > the web root group be changed apache to make sure that only users of the > Apache group have controls?
generally, you only want the apache user to have read access to your files, and read + traverse (execute) access to your directories, the exception is cgi scripts & the like, where it also needs +x on files i tend to leave /var/www/html alone because if you use a package manager, it will think it owns it (it is where it puts the "congratulations, apache works!" page). in my /var/www root also owns the default webalizer directory & a bunch of other installed apps for user-installed sites, i always use VirtualHosts, and i always create a custom user and group to own them, for the access control benefits i described. most distros make this easy by including /etc/httpd/conf.d/* from the system-installed httpd.conf _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
