[clue-tech] DocumentRoot permissions [was Re: Presentation on
Ubunto/Debian?]
mikeb
mikeb at wispertel.net
Tue May 31 22:48:06 MDT 2005
Collins Richey wrote:
>On 5/30/05, Angelo Bertolli <angelo at freeshell.org> wrote:
>
>
>>David Anselmi wrote:
>>
>>
>>
>>>Collins Richey wrote:
>>>[...]
>>>
>>>
>>>
>>>>One thing I'm curious about, security-wise. On Kubuntu, Debian too?,
>>>>the root web directory is /var/www owned by root:root whereas RedHat
>>>>and others put the root directory in /var/www/<somethingelse> usually
>>>>owned by apache:apache. Isn't root ownership of the web directory a
>>>>bad idea (TM)?
>>>>
>>>>
>>>Why would root ownership be a bad idea? Your confusing file ownership
>>>with process ownership, I think.
>>>
>>>
>>Root ownership is fine. Just don't run apache as root, and don't suExec
>>as root (if that's allowed). I know suPHP won't work if your UID is 100
>>or below in the current compilation.
>>
>>But of course if apache is running as another user, and your web
>>directory is mod 700, then it won't be able to read it. My hunch is
>>your web server is not being run as root, and if you chmod 700 the
>>directory it won't work.
>>
>>
>>
>
>See note from other thread. [K]ubuntu runs apache as User 'myownuser'
>Group 'myownuser'.
>
>
Upon further investigation, Hoary 5.04 repaired my concerns with
permissions(reading Ubuntu security lists) versus the Warty 4.10(on my
test box) Release so, I am going to have to test the newer release on my
test box to prove it to myself. The jury is still out whether [K]ubuntu
is designed for server operation or ease of use as a desktop operating
system. I think the later.
More information about the clue-tech
mailing list