Who should own html files?
Jeff Vian
jvian10 at charter.net
Tue Jun 20 12:55:29 UTC 2006
On Mon, 2006-06-19 at 23:06 -0700, Knute Johnson wrote:
> I'm setting up my HTTP server and I'm not sure who should own my html
> files. These are not user files but the files I keep in my document
> root, /var/www/html. Currently they are owned by root:root.
>
Html files -- Does not matter who owns them, only who can read them.
The server must be able to read them for the client.
> What about cgi script files in /var/www/cgi-bin? I wouldn't think
> you would want them owned by root?
>
Same as above, As long as they are not suid they can only do as much
damage as the user _running_ the script/program (usually the user
running the web server). If the script/program is suid then it can do
as much damage as its _owner_ could do, whoever that may be. Ownership
is not nearly as intrusive and dangerous as suid would be.
> Thanks,
>
> --
> Knute Johnson
> Molon Labe...
>
>
More information about the fedora-list
mailing list