Hi, better would be to let the subdir under /var/www to be owned by user.apachegoup and set to 755.
This way, each user can manage his contents and apache can only read them and show their contents to visitors. Giorgio Il Monday 17 August 2009 14:18:38 Roy Sigurd Karlsbakk ha scritto: > On 17. aug.. 2009, at 13.43, Armindo Silva wrote: > > Shouldn't be owned by www-data so apache can write there? > > No. Allowing the apache user to change or delete its website is no > good and allows for much easier hacking/defacing the site(s) on the > box. If the apache user cannot write to /var/www, a security bug in > the web server won't allow the hacker write access to /var/www, so > less harm done. > > roy > -- > Roy Sigurd Karlsbakk > (+47) 97542685 > [email protected] > http://blogg.karlsbakk.net/ > -- > I all pedagogikk er det essensielt at pensum presenteres > intelligibelt. Det er et elementært imperativ for alle pedagoger å > unngå eksessiv anvendelse av idiomer med fremmed opprinnelse. I de > fleste tilfeller eksisterer adekvate og relevante synonymer på norsk.
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
