[Gllug] Apache / permissions

[tet at accucard.com]

>I've got a feeling this is insecure but I'm not sure exactly why or what
>would be a better scheme for this type of situation. Could members of
>the apache group stop apache running if they gained shell access or
>something?

Not unless Apache had been deliberately set up that way.

>What's the usual way to do this sort of thing?

We have all the directories containing web pages set to 0755, and all
files therein set to 0644 -- they're going to be on a public web site,
after all, so what does it matter if local users can see them?

Where this breaks down is when you're using server side scripting to
generate the pages (e.g., PHP), and you might not want people to see
the source.

Tet

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug