Re: Any chance for a tighter /etc/ structure?
- From: Kevin Kofler <kevin kofler chello at>
- To: fedora-devel-list redhat com
- Subject: Re: Any chance for a tighter /etc/ structure?
- Date: Thu, 31 Jul 2008 15:04:40 +0000 (UTC)
Pat Riehecky <prieheck <at> iwu.edu> writes:
> about in apache tells me all sorts of things. Like in this user's home
> they have a .ht_passwords file with customer access rights. A file that
> I can cat if I want and compromise their privacy. A file I must be able
> to cat because of the apache permissions. A file I would never have
> found if I hadn't been able to read the httpd.conf file. The httpd.conf
> file that as a non-root user, I never have a reason to read.
Sure, the /etc permissions are more open than necessary, but here
the .ht_passwords file's permissions are the actual problem. There are plenty
of ways to make files readable to Apache without making them world-readable:
* use groups: make a group for each hosted site containing only the user(s)
  allowed to modify the site and apache, then chown the file theuser:thegroup
  and make it 640.
* use setfacl (requires filesystem support, ext3 supports it):
    chmod 600 .ht_passwords
    setfacl -m u:apache:r .ht_passwords
Kevin Kofler
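
The two fixes from the reply above, together with a check that finds the world-readable case, as an added example that is not part of the original message. Function names are hypothetical, and the demo uses the caller's own primary group as a stand-in for a per-site group so it runs without root.

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.

# Print password-style files under directory $1 that "other" can read
# (mode bit 004), i.e. files every local account can cat.
find_world_readable() {
    find "$1" -type f -name '.ht*' -perm -004 -print
}

# Group approach: hand the file to group $2 and set mode 640.
# Assumes group $2 contains only the site owner(s) and the web server account.
restrict_to_group() {
    chgrp "$2" "$1" && chmod 640 "$1"
}

# ACL approach: owner-only mode plus a read entry for account $2.
# Needs setfacl and a filesystem with ACL support.
restrict_with_acl() {
    command -v setfacl >/dev/null 2>&1 || { echo "setfacl not installed" >&2; return 2; }
    chmod 600 "$1" && setfacl -m "u:$2:r" "$1"
}

# Octal mode of $1 (GNU stat, as shipped on Fedora).
mode_of() { stat -c '%a' "$1"; }

# Constructed demo: a fake hosted-site tree in a temporary directory.
# Prints "<world-readable before> <world-readable after> <final mode>".
demo() {
    site=$(mktemp -d) || return 1
    mkdir -p "$site/alice" "$site/bob"
    echo 'customer:constructed-hash' > "$site/alice/.ht_passwords"
    echo 'customer:constructed-hash' > "$site/bob/.ht_passwords"
    chmod 644 "$site/alice/.ht_passwords"   # the problem case from the thread
    chmod 600 "$site/bob/.ht_passwords"     # already private
    before=$(find_world_readable "$site" | wc -l | tr -d ' ')
    # Stand-in group: the caller's own numeric primary group.
    restrict_to_group "$site/alice/.ht_passwords" "$(id -g)"
    after=$(find_world_readable "$site" | wc -l | tr -d ' ')
    mode=$(mode_of "$site/alice/.ht_passwords")
    rm -rf "$site"
    echo "$before $after $mode"
}
```

On a real host, run `find_world_readable` over the hosted home directories first, then apply `restrict_to_group` or `restrict_with_acl` with the actual site group or the `apache` account.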