"/var/www/html" permission question
Alexander Dalloz
ad+lists at uni-x.org
Sat Aug 5 13:25:22 UTC 2006
Ric Moore schrieb:
>On Sat, 2006-08-05 at 11:01 +0100, Paul Howarth wrote:
>
>
>
>>You might consider checking out the UserDir directive in the httpd.conf
>>file (disabled by default), which would enable your users to host pages
>>(including PHP) in their ~/public_html directory and access them via
>>http://server.name/~username/
>>
>>That would avoid the need to open up /var/www/html.
>>
>>
>
>Confused, what about ownership?? I thought it had to be apache:apache
>according to the docs? Just getting mine up as well and I really need to
>know. I have no users on my machine, just html to the web. Ric
>
>
Imagine there is somewhere a security issue with Apache, PHP, Perl or a
web application: if /var/www/html (and maybe even below) would be owned
apache:apache an attacker could easily deface or in other way manipulate
the web content. That is not good.
Generally the user as which Apache (httpd) runs does not have needs to
be able to write/delete webcontent. In limited cases there must be
specific space for Apache to store data. Then such specific directories
need apache ownership / groupownership.
Alexander
More information about the fedora-list
mailing list