Nigel Metheringham wrote:
Sam Keen wrote:
Correct, thanks for the advice. I'll switch it back to 600 and chown
apache:apache. Can never be too safe.
Personally I'd make it mode 640 owned by root.apache - there is no
reason why apache owned processes should be able to write to that file,
and if there is an uncontrolled apache process on the machine (i.e. broken
cgi or whatever) then that could be used to lever the trac instance.
Nigel.
Sam
On 5/27/06, bruno modulix <[EMAIL PROTECTED]> wrote:
Sam Keen a écrit :
Doh! (thanks for putting up with a newb).
the global was set to 600, chmod'd to 644 and all is fine now.
<ot>
Takes care of not having "world-readable" files. This may not be such a
problem on a local machine, but for production use you should really
restrict access to the owner, and (of course) make your web server's
account (apache or whatever its name is) the owner.
</ot>
_______________________________________________
Trac mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac
another point: on debian the apache user is usually called "www-data"...
michael
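
An added example, not part of any post in this thread: a small shell check for the permission layouts discussed above (644, 600 owned by the web server account, 640 owned by root with the web server's group). The function name `audit_conf` is hypothetical, the service account is passed in because its name varies (apache, www-data), and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added illustration, not code from the thread. Assumes GNU stat (Linux).
#
# audit_conf FILE SVC_USER
# Prints one line per finding and returns 1 if any rule fails:
#   - "other" must have no access (no world-readable config)
#   - group must not have write access
#   - the web server account must not own the file with write access
# It does not verify that SVC_USER is a member of the file's group,
# which the 640 layout relies on for read access.
audit_conf() {
    file=$1 svc=$2 rc=0
    mode=$(stat -c '%a' "$file") || return 2
    owner=$(stat -c '%U' "$file") || return 2

    # Pad to three digits and keep the last three (drops setuid/sticky digit).
    perms=$(printf '%03d' "$mode" | sed 's/.*\(...\)$/\1/')
    u=${perms%??}          # owner digit
    rest=${perms#?}
    g=${rest%?}            # group digit
    o=${perms#??}          # other digit

    if [ "$o" -ne 0 ]; then
        echo "FAIL: other has access (mode $perms)"; rc=1
    fi
    # Bit value 2 in an octal permission digit is write.
    if [ $(( g & 2 )) -ne 0 ]; then
        echo "FAIL: group can write (mode $perms)"; rc=1
    fi
    if [ "$owner" = "$svc" ] && [ $(( u & 2 )) -ne 0 ]; then
        echo "FAIL: $svc owns the file and can write (mode $perms)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file mode $perms owner $owner"
    return "$rc"
}

# Usage when run as a script: ./audit_conf.sh /path/to/config www-data
[ $# -eq 2 ] && audit_conf "$1" "$2"
```
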