[CentOS] Simple web server with Apache: web page permissions ?

Olaf Mueller daily-planet at istari.de
Tue Sep 15 15:58:14 UTC 2009


Filipe Brandenburger wrote:

> On Tue, Sep 15, 2009 at 06:39, Ralph Angenendt
> <ralph.angenendt at gmail.com> wrote:
>> On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
>>> I remember having setup some web servers on Debian, and the
>>> tradition was that everything under /var/www/html (as in this
>>> example) was to be owned by user www-data and group www-data.
>>>
>>> What's the "tradition" with RHEL/CentOS?
>>
>> apache:apache - at least that is the UID/GID the webserver runs
>> under.
> 
> That's wrong. If your files are owned by Apache, any user that can
> break into your server through Apache will be able to change those
> files (i.e., deface your website).

Why wrong? Concerning webdav, how would you get write access for users to
write to directories?

Now I am a little bit confused, is your answer under
http://www.linux-archive.org/centos/354005-webdav-centos.html also
wrong now? You recommended apache:apache for webdav there.

By the way, if someone breaks into your server through Apache,
apache:apache is your lowest problem, that's my opinion.


regards
Olaf
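
The ownership question argued in this thread can be checked on a real tree. The following is an added example, not part of the original message or of any poster's setup: it lists every path under a document root that a given account can modify, so a WebDAV upload directory can be told apart from content the web server account should not be able to change. The function names are hypothetical; the account name apache and the path /var/www/html are taken from the thread, and the sample tree is constructed.

```python
import os
import stat
import tempfile

def audit_docroot(root, uid, gids):
    """Map each path under root (root itself is ".") to the reason the
    account (uid, gids) can modify it. Only owner/group/other mode bits
    are checked; ACLs, SELinux and read-only mounts are ignored."""
    findings = {}
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits grant nothing
        if st.st_uid == uid:
            # The owner can always chmod the file writable again.
            reason = "owner"
        elif st.st_gid in gids:
            reason = "group-write" if st.st_mode & stat.S_IWGRP else None
        else:
            reason = "other-write" if st.st_mode & stat.S_IWOTH else None
        if reason:
            findings[os.path.relpath(path, root)] = reason
    return findings

def build_sample_tree():
    """Constructed docroot: static page, a WebDAV upload dir, a stray 0666 file."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.mkdir(os.path.join(root, "dav"))
    for rel, mode in [("index.html", 0o644), ("dav/upload.txt", 0o664),
                      ("tmp.txt", 0o666), ("dav", 0o775)]:
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            open(path, "w").close()
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    import pwd  # resolve the account name used in the thread
    web = pwd.getpwnam("apache")
    gids = set(os.getgrouplist("apache", web.pw_gid))
    for rel, why in sorted(audit_docroot("/var/www/html", web.pw_uid, gids).items()):
        print(f"{why:12} {rel}")
```

A path reported as "owner" stays modifiable by that account even when its mode is read-only, because the owner can change the mode back.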



