[CentOS] apache docroot permissions

Wed May 4 19:49:52 UTC 2011
Johan Martinez <jmartiee at gmail.com>

On Wed, May 4, 2011 at 12:58 PM, Kenneth Porter <shiva at sewingwitch.com>wrote:

> User apache only needs read access except under special conditions, such as
> a script that needs to store configuration in a file. And a lot of apps
> store their state in a DB so they don't need filesystem write access at
> all.
> Set the permissions as strict as possible, so that if an attacker finds a
> bug in apache, he does as little damage as possible.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Thanks for the suggestions Richard and Kenneth. I installed drupal here and
it requires user running apache to have write access on filesystem.
Otherwise it complains: 'The directory sites/default/files is not writable'.
The content editors/developers need write access to theme/pictures folders.
So it seems like I can't avoid giving write access to apache user. Any hacks
or tips here?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110504/f9d488c8/attachment-0005.html>