On 17. aug.. 2009, at 13.43, Armindo Silva wrote: > Shouldn't be owned by www-data so apache can write there?
No. Allowing the apache user to change or delete its website is no good and allows for much easier hacking/defacing the site(s) on the box. If the apache user cannot write to /var/www, a security bug in the web server won't allow the hacker write access to /var/www, so less harm done. roy -- Roy Sigurd Karlsbakk (+47) 97542685 [email protected] http://blogg.karlsbakk.net/ -- I all pedagogikk er det essensielt at pensum presenteres intelligibelt. Det er et elementært imperativ for alle pedagoger å unngå eksessiv anvendelse av idiomer med fremmed opprinnelse. I de fleste tilfeller eksisterer adekvate og relevante synonymer på norsk. -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
