[CentOS] Permissions for LAMP
Always Learning
centos at u62.u22.net
Sat Jan 25 14:20:46 UTC 2014
On Sat, 2014-01-25 at 08:32 -0500, Steven Tardy wrote:
> the problem with your /var/www/html permissions is the user/group "apache"
> can write to directories and files. which can be used by anyone on the
> internet(bad guys) to use potentially exploitable dynamic
> pages(.php/.cgi/etc) to add/modify files on your server. this is a bad
> thing. SELinux may offer some protections.
> i would:
> chmod -R g-w /var/www/html
> chown -R somewebuser /var/www/html
> (replace somewebuser with the unix user account to modify the website.)
>
> http://wiki.apache.org/httpd/FileSystemPermissions
On my setup I have all web pages in a special root directory
/data/web/do/domain-name/sub-domain-name/files .....
with a non-standard user having rw-r-r
Apache can't write to anything except
/data/web/logs/
I have self-created web site defences which, instantly after the first
hacking attempt, block the hacker's IP address. I am not giving hackers
unlimited opportunities to continuing trying to break-in.
--
Paul.
England,
EU.
Our systems are exclusively Linux. No Micro$oft Windoze here.
More information about the CentOS
mailing list