[CentOS] Groups

Mon Jan 31 18:13:45 UTC 2011
Always Learning <centos at g7.u22.net>

On Mon, 2011-01-31 at 18:05 +0100, Nicolas Thierry-Mieg wrote:

> so you prefer giving the apache user write access to /var/www ?
> Is this really a good thing...?
> I agree with the group advice though, if you have several users 
> modifying the website content of course.

Apache is wonderfully flexible where "root" or "base" directories can be
created for USER applications. 

There is absolutely NO need to let any HTML user rummage around
in /var/www/.  My advice is keep them well-out and disable any dodgy
'Alias' links.

All my web sites are created as virtual hosts and the base directories
start at /data/web/domain-name/public/.  Thus no web user gets the
chance of roaming anywhere except above /data/web/domain-name/public/.
PHP routines used on web pages are in /data/sys to which no web user can
get access.

Also avoid having phpMyAdmin off the main web directory. Ordinary users
don't need access and should never have access to it. Hide it away
somewhere and create a virtual Apache host to use it with a non-standard
port number. Make it hard for the hackers and spoilers to find it.

/data is a directory created in the operating system's root directory
and may reside on its own partition.


With best regards,