[CLUE-Tech] Apache on Debian

Jed S. Baer thag at frii.com
Sat Nov 2 10:36:51 MST 2002


On Sat, 2 Nov 2002 10:15:39 -0700
"Timothy C. Klein" <teece at silverklein.net> wrote:

> This is from the file /usr/share/doc/apache/README.Debian
> 
> "* The default webpages are owned by root.root by default (*not*
>   www-data.www-data), so hackers will have a harder time defacing the
>   site."

> * Randy Arabie (randy at arabie.org) wrote:
> > 
> > I'm trying to get the Apache + PHP + MySQL trifecta running on
> > my debian (woody) box.
> > 
> > The web root is /var/www and noticed things there are owned by
> > root:root.  Is that standard for debian?  I've seen most other 
> > unices use another user, like apache:apache, www:www, or 
> > nobody:nobody.

Interesting. I wonder how having the files owned by root makes it more
difficult to deface the site. Presuming that ability to deface means
you've been cracked, wouldn't it be better to get cracked as httpd:httpd
or some such, than as root?

jed
-- 
We're frogs who are getting boiled in a pot full of single-character
morphemes, and we don't notice. - Larry Wall; Perl6, Apocalypse 5
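
The ownership question in this thread can be checked directly on a box: the account the server runs as can modify a path if it owns the path, if its group has group write on it, or if the path is world-writable. An added example follows (not part of the original post or of the Debian README); `audit_docroot` is a hypothetical helper name, and `www-data` and `/var/www` are taken from the quoted text.

```shell
#!/bin/sh
# Added example (constructed): list every path under a document root that the
# web server account could modify. audit_docroot is a hypothetical helper name.
#
# A path is reported when any of these holds:
#   - it is owned by the web user (an owner can always chmod and then write)
#   - it belongs to the web group and has group write (020)
#   - it is world-writable (002)
# Writable directories count too: they allow files inside to be replaced.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_docroot() {
    docroot=$1
    web_user=$2     # name or numeric uid
    web_group=$3    # name or numeric gid
    find "$docroot" \( \
            -user "$web_user" \
            -o \( -group "$web_group" -perm -0020 \) \
            -o -perm -0002 \
        \) ! -type l -print | sort
}

# Run as: sh audit.sh /var/www [user] [group]
# www-data is the account named in the README excerpt quoted above.
if [ "$#" -ge 1 ]; then
    audit_docroot "$1" "${2:-www-data}" "${3:-www-data}"
fi
```

An empty result for a root:root tree served by www-data means the server account can read the pages but cannot change them through file permissions.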


