[CentOS] OT: SA/Apache "Best Practice"?
Paul Heinlein
heinlein at madboa.com
Fri Oct 31 18:12:57 UTC 2008
On Fri, 31 Oct 2008, Camron W. Fox wrote:
> [Our customer has] asked, that we change the default directory
> permission/ownership of /var/www/html,cgi-bin, instead of using the
> Documentroot and ScriptAlias parameters in the apache configuration.
>
> drwxr-xr-x 2 root root 4096 Jan 11 2008 /var/www/cgi-bin
> drwxr-xr-x 2 root root 4096 Jan 11 2008 /var/www/html
>
> to
>
> drwxrwxr-x 2 root user 4096 Jan 11 2008 /var/www/cgi-bin
> drwxrwxr-x 2 root user 4096 Jan 11 2008 /var/www/html
>
> We have explained that it is preferable *not* to modify the default
> filesystem configuration of the underlying OS and have recommended
> that they customize the app by specifying a location of their choice
> in httpd.conf. They argue that they "just want to use the system
> default location". There is no *technical* reason for this,
> according to them. The location does not affect the app.
>
> None of the other web servers we manage for them use the RHEL apache
> default, they all have customized locations for content and scripts.
>
> My question is:
>
> What argument, if any, would you use to try and convince the
> customer that this is a bad idea/bad practice?
Updates to the httpd package will overwrite those permissions, so
there will need to be a cron job (or very vigilent SA) that monitors
those perms, re-customizing them as necessary.
Otherwise, what they're asking isn't all that unusual, imo.
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
More information about the CentOS
mailing list