[CentOS] Running Apache sites as separate users

Fri Sep 30 18:15:01 UTC 2011
Trey Dockendorf <treydock at gmail.com>

On Sep 30, 2011 11:43 AM, "John R Pierce" <pierce at hogranch.com> wrote:
>
> On 09/30/11 9:26 AM, Trey Dockendorf wrote:
> > However they also
> > want to have the CMS write to the .htaccess files to dynamically control
> > which users can access the dowloads portion of the sites.  That Im
strongly
> > against.
>
> CMS systems almost always use their own authentication and downloading
> mechanisms, they don't rely on .htaccess for anything other than
> possibily configuring whatever specific apache settings they need
> (cgi-bin, etc)
>
> --
> john r pierce                            N 37, W 122
> santa cruz ca                         mid-left coast
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

I agree, unfortunately my role is the sysadmin for this project, not the
developer.  Im running dozens of instances using Drupal, Wordpress and
Mediawiki all very successfully and securely without ever having to think
about these types of security measures.  Once I get through the red tape of
being allowed to pen test my own servers, then I'll have a better idea how
well I've done.

- Trey