[CentOS] /var/www/html group & owner (fwd)

Wed Mar 5 14:43:21 UTC 2008
Hiep Nguyen <hiep at ee.ucr.edu>

On Tue, 4 Mar 2008, lists-centos wrote:

> for apache to be able to serve the files under the document root it
> needs (and should only have) read access to the files (and
> read/execute for the directories). the directories/files under the
> document root should **not** be owned (or writeable) by the
> user/group that the web server is running as. if they are, you have a
> security hole should someone break through the webserver (or more
> likely poorly written scripts).
> 
> so, a good approach is to have the directories/files under
> owner/group other than apache (assuming your web server is running as
> the apache user), with read-only access given to "world".

assume that i have a user and group named "weber".  i'll use "weber" to upload 
(via ftp) directories/files to /var/www/html/

what should /var/www/html/ look like?

also, i have some php include files that i don't want anyone to access except 
apache b/c they contain user/pw to mysql.  where should i place them?

i usually place them in /var/www/html/includes/

someone suggested i place them in /var/www/include/, but my question is what 
user/group should /var/www/include/ belong to?

thanks
t. hiep

> 
>
>  - Rick
> 
> ------------ Original Message ------------
>> Date: Tuesday, March 04, 2008 12:18:56 PM -0800
>> From: Hiep Nguyen <hiep at ee.ucr.edu>
>> To: centos at centos.org
>> Cc:
>> Subject: [CentOS] /var/www/html group & owner
>> 
>> hi again,
>> 
>> [root@dev ~]# ls -all /var/www/
>> total 64
>> drwxr-xr-x  8 root      root 4096 Mar  3 11:44 .
>> drwxr-xr-x 21 root      root 4096 Mar  3 11:44 ..
>> drwxr-xr-x  2 root      root 4096 Jan 15 20:36 cgi-bin
>> drwxr-xr-x  3 root      root 4096 Mar  3 11:43 error
>> drwxr-xr-x  2 root      root 4096 Jan 15 20:36 html
>> drwxr-xr-x  3 root      root 4096 Mar  3 11:44 icons
>> drwxr-xr-x 14 root      root 4096 Mar  3 11:44 manual
>> drwxr-xr-x  2 webalizer root 4096 Mar  3 11:44 usage
>> 
>> currently, html is belonging to root group/owner and httpd is
>> running under apache user/group.
>> 
>> what should i change html to, so that httpd can run safely under
>> apache user/group???
>> 
>> or should i change httpd to run under a different user/group???
>> 
>> if i keep httpd running on apache user/group, should i change html
>> to apache group/owner???
>> 
>> thank you for all your help.
>> t. hiep
>> 
>> 
> 
> ---------- End Original Message ----------
> 
>
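
The rule in the quoted reply (document root not owned or writable by the web server's user/group, read-only access for "world") can be checked with find. This is an added example, not part of the original thread; the "apache" account follows the thread's assumption and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a document root against the
# rule in the quoted reply. "apache" as the server account is the thread's
# assumption; the function names are hypothetical.

# Entries the server account could modify: owned by its user or group,
# or writable by "world". Symlinks are skipped for the world-write test
# because their mode bits are always 777 on Linux.
docroot_writable_by_server() {
    root=$1; user=${2:-apache}; group=${3:-apache}
    find "$root" \( -user "$user" -o -group "$group" \
        -o \( ! -type l -perm -0002 \) \) -print
}

# Entries the server could not serve when it is neither owner nor group:
# files without world read, directories without world read+execute.
docroot_unreadable_by_world() {
    find "$1" \( \( -type f ! -perm -0004 \) \
        -o \( -type d ! -perm -0005 \) \) -print
}

# Run both checks when a path is given, e.g.: sh audit.sh /var/www/html
if [ "$#" -ge 1 ]; then
    echo "writable or owned by server account:"
    docroot_writable_by_server "$1" "${2:-apache}" "${3:-apache}"
    echo "not readable by world:"
    docroot_unreadable_by_world "$1"
fi
```

Both lists should come back empty for a tree laid out the way the reply describes.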