On Tue, 2011-08-09 at 23:03 +0200, Leonard den Ottolander wrote:
Hello Craig,
On Tue, 2011-08-09 at 08:44 -0700, Craig White wrote:
I'm quite sure that if all the files are owned by the 'department_a' group and 'readable' by user apache as I have indicated,
- create mask 664 & directory mask 775
Perhaps I should have made explicit in my post that I wouldn't recommend such file permissions. Apache accessing files with world permissions is ugly and it makes it impossible to run f.e. php with safe_mode or have apache write files other than by allowing the world write access. Which is why I described that setup with a shared group.
---- please explain to me how the above octal permissions with user root & group department_a translate to giving apache write access or even world write access.
For that matter, please explain how if any html directory served by apache (runs as user/group apache/apache)...
user/group root/department_group files 0664 directories 1775
are in any way vulnerable to world write access or otherwise represent an insecure configuration because I want to learn.
I think this is reasonably secure configuration.
Craig