[CentOS] Apache and web content permissions

Leon Fauster leonfauster at googlemail.com
Sun Dec 3 00:14:24 UTC 2017


> On 02.12.2017 at 22:14, Nicolas Kovacs <info at microlinux.fr> wrote:
> 
> On 02/12/2017 at 10:30, Nicolas Kovacs wrote:
> 
> ==> Reminder: this is actually the question I'm asking in my post.

Oh, we all read (only) what we want :-)


>> So I'm finally coming to my question. How problematic is it really to
>> have the apache user and group owning the stuff under /var/www?

"problematic" should be defined by yourself (probability * impact = risk).

To answer, let's use a comparison: the root user can write to all /bin/ files.
Executing them will not change the binaries (in a perfect world). What happens
when something tries to use this fact (write perm) to do malicious things?
Therefore it's good practice to work as a "non-root" user. So, when the
httpd user (web daemon) has full write permissions, what happens when
something tries to use this fact (write perm) to do malicious things?
Anybody who has an eye on the httpd logs knows that the web is not
a perfect world.

Not a direct answer because there is not an absolute one, but I hope that
I could express my point of view ...

--
LF
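
As an added example that is not part of the original message: a shell check that lists which paths under a document root the web daemon account could modify, which is the write permission the reply above reasons about. The function name `httpd_writable` and the script name `audit.sh` are hypothetical; the account's uid and gid are passed numerically.

```shell
#!/bin/sh
# Added example: list paths under a web root that a given account could modify.
# httpd_writable ROOT UID GID
#   ROOT  document root to audit (e.g. /var/www)
#   UID   numeric uid of the web daemon account (e.g. `id -u apache`)
#   GID   numeric gid of its group (e.g. `id -g apache`)
httpd_writable() {
    root=$1 uid=$2 gid=$3
    # A path is reported when any of these holds:
    #   - it is owned by UID: the owner can always chmod the write bit back on
    #   - its group is GID and the group write bit is set
    #   - the world write bit is set
    # Symlinks are skipped because their own mode bits are not meaningful.
    # Supplementary groups and POSIX ACLs are not considered here.
    find "$root" ! -type l \( \
            -uid "$uid" \
            -o \( -gid "$gid" -perm -020 \) \
            -o -perm -002 \
        \) -print | LC_ALL=C sort
}

# Run directly as: sh audit.sh /var/www "$(id -u apache)" "$(id -g apache)"
if [ "$#" -eq 3 ]; then
    httpd_writable "$1" "$2" "$3"
fi
```

An empty result means the daemon can read the content but cannot change it through ordinary mode bits; every reported path is something a compromised web process could alter.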








