[clue-tech] DocumentRoot permissions [was Re: Presentation on
Ubunto/Debian?]
Angelo Bertolli
angelo at freeshell.org
Mon May 30 22:54:34 MDT 2005
David Anselmi wrote:
> Collins Richey wrote:
> [...]
>
>> One thing I'm curious about, security-wise. On Kubuntu, Debian too?,
>> the root web directory is /var/www owned by root:root whereas RedHat
>> and others put the root directory in /var/www/<somethingelse> usually
>> owned by apache:apache. Isn't root ownership of the web directory a
>> bad idea (TM)?
>
>
> Why would root ownership be a bad idea? Your confusing file ownership
> with process ownership, I think.
Root ownership is fine. Just don't run apache as root, and don't suExec
as root (if that's allowed). I know suPHP won't work if your UID is 100
or below in the current compilation.
But of course if apache is running as another user, and your web
directory is mod 700, then it won't be able to read it. My hunch is
your web server is not being run as root, and if you chmod 700 the
directory it won't work.
Angelo
More information about the clue-tech
mailing list