On Fri, 31 Oct 2008, Camron W. Fox wrote: > [Our customer has] asked, that we change the default directory > permission/ownership of /var/www/html,cgi-bin, instead of using the > Documentroot and ScriptAlias parameters in the apache configuration. > > drwxr-xr-x 2 root root 4096 Jan 11 2008 /var/www/cgi-bin > drwxr-xr-x 2 root root 4096 Jan 11 2008 /var/www/html > > to > > drwxrwxr-x 2 root user 4096 Jan 11 2008 /var/www/cgi-bin > drwxrwxr-x 2 root user 4096 Jan 11 2008 /var/www/html > > We have explained that it is preferable *not* to modify the default > filesystem configuration of the underlying OS and have recommended > that they customize the app by specifying a location of their choice > in httpd.conf. They argue that they "just want to use the system > default location". There is no *technical* reason for this, > according to them. The location does not affect the app. > > None of the other web servers we manage for them use the RHEL apache > default, they all have customized locations for content and scripts. > > My question is: > > What argument, if any, would you use to try and convince the > customer that this is a bad idea/bad practice? Updates to the httpd package will overwrite those permissions, so there will need to be a cron job (or very vigilent SA) that monitors those perms, re-customizing them as necessary. Otherwise, what they're asking isn't all that unusual, imo. -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/