On 01/25/2014 07:32 AM, Steven Tardy wrote:
On Sat, Jan 25, 2014 at 7:33 AM, Joseph Hesse joehesse@gmail.com wrote:
I am running a LAMP server on a CentOS 6.5 box. It works fine, but I am concerned that I may have the wrong file/dir permissions.
The directories /var and /var/www are root:root and 755.
For /var/www/html and all directories underneath I have apache:apache and 770.
For all files under /var/www/html I have apache:apache and 660.
Are these permissions OK?
Thank you,
Joe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
The problem with your /var/www/html permissions is that the user/group "apache" can write to directories and files, which can be used by anyone on the internet (bad guys) to use potentially exploitable dynamic pages (.php/.cgi/etc.) to add/modify files on your server. This is a bad thing. SELinux may offer some protections. I would:
    chmod -R g-w /var/www/html
    chown -R somewebuser /var/www/html
(Replace somewebuser with the unix user account to modify the website.)
http://wiki.apache.org/httpd/FileSystemPermissions
I now understand, by rtfd, how to set it up so apache owns nothing and does not have write permission. For my understanding, please tell me what a bad guy would have to do to exploit apache having read/write permission.
Thank you,
Joe
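An audit for the condition discussed in this thread, added here as an example that is not part of the original messages: it lists every path under a document root that the web server account could modify as owner, through its group, or because the path is world-writable. The function names are hypothetical, the sample tree is constructed, and because chown needs root the demo lets the current uid stand in for the owning account and passes a different numeric uid to model the server after ownership has been moved away from it.

```shell
#!/bin/sh
# audit_docroot ROOT WEB_USER WEB_GROUP
# Prints each file or directory that WEB_USER can write as owner, that
# WEB_GROUP can write as group, or that is world-writable. Symlinks are
# skipped because their own mode bits are always 777 and mean nothing.
audit_docroot() {
    find "$1" ! -type l \( \
        \( -user "$2" -perm -0200 \) -o \
        \( -group "$3" -perm -0020 \) -o \
        -perm -0002 \) -print
}

# count_findings ROOT WEB_USER WEB_GROUP -> number of flagged paths
count_findings() {
    audit_docroot "$@" | wc -l | tr -d ' '
}

# Constructed sample tree mirroring the thread: directories 770, files 660.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/html/uploads"
    : > "$d/html/index.php"
    : > "$d/html/uploads/a.txt"
    chmod 770 "$d/html" "$d/html/uploads"
    chmod 660 "$d/html/index.php" "$d/html/uploads/a.txt"
    echo "$d"
}

demo() {
    d=$(make_sample) || return 1
    me=$(id -u)                                   # owner of the sample tree
    grp=$(ls -ldn "$d/html" | awk '{print $4}')   # plays the server's group
    other=$((me + 1))                             # a uid that owns nothing here
    echo "server owns tree, 770/660:   $(count_findings "$d/html" "$me" "$grp")"
    chmod -R g-w "$d/html"
    echo "after chmod -R g-w only:     $(count_findings "$d/html" "$me" "$grp")"
    echo "server is not the owner too: $(count_findings "$d/html" "$other" "$grp")"
    rm -rf "$d"
}
demo
```

On a real host the call would be `audit_docroot /var/www/html apache apache`; the middle line of the demo shows that removing group write alone changes nothing while the server account still owns the files.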