Sam Keen wrote:
> correct, thanks for the advice. I'll switch it back to 600 and chown
> apache:apache. Can never be too safe.
Personally I'd make it mode 640 owned by root.apache - there is no
reason why apache owned processes should be able to write to that file,
and if there is an uncontrolled apache process on the machine (i.e. broken
cgi or whatever) then that could be used to lever the trac instance.
Nigel.
>
> Sam
>
> On 5/27/06, bruno modulix <[EMAIL PROTECTED]> wrote:
>> Sam Keen wrote:
>> > Doh! (thanks for putting up with a newb).
>> > the global was set to 600, chmod'd to 644 and all is fine now.
>> >
>> <ot>
>> Take care of not having "world-readable" files. This may not be such a
>> problem on a local machine, but for production use you should really
>> restrict access to the owner, and (of course) make your web server's
>> account (apache or whatever its name is) the owner.
>> </ot>
>> _______________________________________________
>> Trac mailing list
>> [email protected]
>> http://lists.edgewall.com/mailman/listinfo/trac
>>
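The three ownership and mode combinations discussed in this thread (600 owned by the web server account, 644, and 640 owned by root with group apache) can be checked with a short script. This is an added example, not code from the thread or from Trac; the function names and finding labels are made up for illustration, and it assumes classic Unix mode bits only (no ACLs, no supplementary groups, web server not running as root).

```python
import os
import stat
import sys


def effective_bits(st, uid, gid):
    """rwx bits the kernel applies to a non-root process with this uid and primary gid."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7   # owner class
    if st.st_gid == gid:
        return (mode >> 3) & 7   # group class
    return mode & 7              # everyone else


def audit_config(path, web_uid, web_gid):
    """Return findings for a file the web server must read but never write."""
    st = os.stat(path)
    findings = []
    if stat.S_IMODE(st.st_mode) & stat.S_IRWXO:
        findings.append("world-accessible")
    if st.st_uid == web_uid:
        # An owner can always chmod the file back to writable.
        findings.append("owned-by-web-account")
    bits = effective_bits(st, web_uid, web_gid)
    if bits & 2:
        findings.append("web-writable")
    if not bits & 4:
        findings.append("web-unreadable")
    return findings


if __name__ == "__main__":
    # Usage: script.py <config file> <web server uid> <web server gid>
    path, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    problems = audit_config(path, uid, gid)
    print("%s: %s" % (path, ", ".join(problems) or "ok"))
    sys.exit(1 if problems else 0)
```

A file at mode 640 whose owner is not the web server account and whose group is the web server's group yields no findings; the other combinations from the thread each yield at least one.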