[SLUG] Writing to /var/www/html

Ross Kendall ross at rosskendall.com
Sat Jun 2 14:39:28 BST 2007


Hi Stephen,

Generally it's considered a security risk to allow Apache write access
to all of /var/www/html.
While sometimes it is necessary to allow web scripts to write to the web
documents directory (for example to save files that have been uploaded
through a web form), it is best if the write permission is restricted to
a sub-directory - such as /var/www/html/data.

Another note: for files you only need the permission of 664, not 774 (6
is for read/write, while 7 is for execute as well).  774 is needed for
directories though.

It is also possible to change the umask for Apache so that files are
written with group write permission by default (664), but I can't
remember how to do it off the top of my head.

Cheers,
Ross.

P.S.  Hi everyone else! - I'm new to this list (and also to Scarborough)



Stephen O'Neill wrote:
> Hi guys,
>
> I have what I hope will be a really stupid question but I can't quite
> figure it out.
>
> Whenever I create a normal file I give permissions of 644 by default.
> This is fine.
>
> However, I am a web developer and write to /var/www/html all the time.
> The problem here is that apache runs as www-data and needs write
> permission and additionally I need write to the files it creates
> (cache files for example).
>
> I have been working around this by putting myself in the www-data
> group and periodically doing:
>
> chown -R www-data.www-data /var/www/html
> chmod -R 774 /var/www/html
>
> But there must be a better way? I could put www-data in my group but
> apart from that being insecure I can't see how I can automatically
> make files in a single directory 774 by default.
>
> Is anyone else on the list doing this? And how are they working with
> it? Please make me feel thick!
>
> Cheers,
>
> Steve O
>
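
A sketch of the layout discussed in this thread, as an added example that is not part of the original messages: group write is confined to one sub-directory of the docroot, and an audit reports anything writable outside it. The function names, the setgid bit and the directory modes (755, 2775) are this example's own choices; changing the group to www-data needs root and is left as a comment.

```shell
#!/bin/sh
# Added example (not from the thread). lock_down and audit are hypothetical
# helper names. Run as the owner of the tree; no root needed for the chmods.
# In a real deployment you would also, as root:
#   chgrp -R www-data DOCROOT/DATA_SUBDIR

# lock_down DOCROOT DATA_SUBDIR
#   Outside DATA_SUBDIR: directories 755, files 644 (no group write).
#   Inside DATA_SUBDIR: directories 2775 (setgid, so new files inherit the
#   directory's group), files 664 (read/write, no execute).
lock_down() {
    root=$1
    data=$1/$2
    mkdir -p "$data"
    find "$root" -path "$data" -prune -o -type d -exec chmod 755 {} +
    find "$root" -path "$data" -prune -o -type f -exec chmod 644 {} +
    find "$data" -type d -exec chmod 2775 {} +
    find "$data" -type f -exec chmod 664 {} +
}

# audit DOCROOT DATA_SUBDIR
#   Prints every file or directory outside DATA_SUBDIR that is group- or
#   world-writable. Empty output means writes are confined to DATA_SUBDIR.
audit() {
    find "$1" -path "$1/$2" -prune -o \
        \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Stand-alone use: sh script.sh /var/www/html data
if [ "$#" -eq 2 ]; then
    lock_down "$1" "$2"
    audit "$1" "$2"
fi
```

Running audit alone, without lock_down, changes nothing on disk and is a quick check of an existing docroot.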



