Hi,
I have a series of websites hosted on two CentOS 7 servers, using Apache virtual hosts. One of these servers is a "sandbox" machine, to test things and to fiddle around.
On the sandbox server, I have a few dummy websites I'm hosting.
# ls /var/www/html/ default phpinfo slackbox-mail slackbox-site unixbox-mail unixbox-site
Since Apache is running as system user 'apache' and system group 'apache', I thought it sensible that hosted files be owned by that process.
# ls -l /var/www/html/ total 24 drwxr-x---. 3 apache apache 4096 6 juil. 09:37 default drwxr-x---. 3 apache apache 4096 6 juil. 10:01 phpinfo drwxr-x---. 3 apache apache 4096 6 juil. 09:41 slackbox-mail drwxr-x---. 3 apache apache 4096 6 juil. 09:37 slackbox-site drwxr-x---. 3 apache apache 4096 6 juil. 09:42 unixbox-mail drwxr-x---. 3 apache apache 4096 6 juil. 09:38 unixbox-site
Directories are all drwxr-x---, while files are -rw-r-----.
Now some guy on the french forum fr.centos.org told me that I got everything wrong, and that my setup is a security flaw, without elaborating any further though.
So I thought I'd ask on this list (which is a little bit more urbane than the french forum).
1. What is wrong with my setup ?
2. What do you suggest ?
BTW, I don't mind to RTFM, even extensively.
Cheers from the sunny South of France,
Niki Kovacs