[GRLUG] recommended permissions/owners for apache files

Godwin geektoyz at gmail.com
Wed Oct 13 01:00:31 EDT 2010


Many good suggestions here.  As for allowing FTP access, use "pure-ftpd".
You can use/require SSL, create virtual users and map them to any real
account (including "apache" or "www") then tailor perms to your heart's
content.

G-

On Oct 12, 2010 4:58 PM, "L. V. Lammert" <lvl at omnitec.net> wrote:

At 03:47 PM 10/12/2010, you wrote:

> > 2. HTML, CSS, JS and PHP files: should these be owned by apa...
NO files should be executable, .. php files are just read by apache and
interpreted; any executable permission is a BIG security hole.



> > 3. I've also got a number of text files that my php scripts write to.
> > What should the sett...
If you have writable files (sessions, logs, ..), put them in a sub-directory
that is itself apache-writable, .. that way you can localize any risks. Keep
all other directories NON writable by the apache UID.

The subdirectory is only visible in code and then should not appear in the
html returned to the user, again lessening the security risk.



> I don't know if groups are commonly used for this, but it seems like a
> good idea to create a g...
Nope. Groups are used to allow more than one *user* to change files in a
directory - never allow apache write access to any files (except those in
the restricted directory above).

       HTH,

       Lee
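
An audit of the rules in the advice above (no executable files, web-server write access confined to one subdirectory), as an added example that is not part of the original thread. The function names, the command-line usage and the default account name "apache" are assumptions; the check reads owner, group and mode bits only and does not consider ACLs.

```python
import os
import stat

def writable_by(st, uid, gids):
    """Decide from owner/group/mode bits whether uid (with gids) may write."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(docroot, web_uid, web_gids, writable_dir):
    """Return sorted (relative_path, issue) findings for a document root.

    writable_dir is the one subdirectory (relative to docroot) that the
    web server account is allowed to write to.
    """
    docroot = os.path.realpath(docroot)
    allowed = os.path.realpath(os.path.join(docroot, writable_dir))
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        # Check the directory itself, then every entry listed as a file.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits carry no meaning
            rel = os.path.relpath(path, docroot)
            inside = os.path.commonpath([allowed, path]) == allowed
            # Rule 1: no regular file carries any execute bit.
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                findings.append((rel, "executable file"))
            # Rule 2: web server write access only inside writable_dir.
            if writable_by(st, web_uid, web_gids) and not inside:
                findings.append(
                    (rel, "writable by web server outside " + writable_dir))
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    import sys
    # Assumed usage: audit.py DOCROOT WRITABLE_SUBDIR [USER]
    user = pwd.getpwnam(sys.argv[3] if len(sys.argv) > 3 else "apache")
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for rel, issue in audit(sys.argv[1], user.pw_uid, gids, sys.argv[2]):
        print(f"{rel}: {issue}")
```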



