[clue-tech] DocumentRoot permissions [was Re: Presentation on
Ubunto/Debian?]
Collins Richey
crichey at gmail.com
Tue May 31 19:29:25 MDT 2005
On 5/30/05, Angelo Bertolli <angelo at freeshell.org> wrote:
> David Anselmi wrote:
>
> > Collins Richey wrote:
> > [...]
> >
> >> One thing I'm curious about, security-wise. On Kubuntu, Debian too?,
> >> the root web directory is /var/www owned by root:root whereas RedHat
> >> and others put the root directory in /var/www/<somethingelse> usually
> >> owned by apache:apache. Isn't root ownership of the web directory a
> >> bad idea (TM)?
> >
> >
> > Why would root ownership be a bad idea? Your confusing file ownership
> > with process ownership, I think.
>
> Root ownership is fine. Just don't run apache as root, and don't suExec
> as root (if that's allowed). I know suPHP won't work if your UID is 100
> or below in the current compilation.
>
> But of course if apache is running as another user, and your web
> directory is mod 700, then it won't be able to read it. My hunch is
> your web server is not being run as root, and if you chmod 700 the
> directory it won't work.
>
See note from other thread. [K]ubuntu runs apache as User 'myownuser'
Group 'myownuser'.
--
Collins
Head teachers of the world unite: you have nothing to lose but
the Start button.
More information about the clue-tech
mailing list