[CentOS] Simple web server with Apache: web page permissions ?

Olaf Mueller daily-planet at istari.de
Tue Sep 15 16:56:52 UTC 2009


Brian Mathis wrote:

> You are being disingenuous here by selectively editing out the
> relevant quoted text from the same message above, which I will add
> back in as a quote here:
Disingenuous? Seems to me that it is a question of truth for you.

Once again. 'apache:apache' is a risk, but it is not wrong. And
sometimes it is also needed, since webdave, for example, doesn't work
without it. That was what I have tried to work out.

>         > Filipe Brandenburger wrote:
>         > The only files you want writable by Apache are the ones that
>         > a web application needs to write, like session files in PHP
>         > or config file controlled by a web admin interface.
> 
> 
>> By the way, if someone breaks into your server through Apache,
>> apache:apache is your lowest problem, that's my opinion.
>>
>> regards
>> Olaf
> 
> This statement is quite silly.  The type of configuration above could
Thank you, it is my greeting. You are silly too.

> be the vector by which the server is compromised, so it is not at all
> the lowest problem.  In that case it WOULD *BE* the problem.
Don't know why you are screaming here, maybe it is your personality.


regards
Olaf




More information about the CentOS mailing list