Permissions on /var/www
Roy Sigurd Karlsbakk
roy at karlsbakk.net
Mon Aug 17 12:18:38 UTC 2009
On 17. aug.. 2009, at 13.43, Armindo Silva wrote:
> Shouldn't be owned by www-data so apache can write there?
No. Allowing the apache user to change or delete its website is no
good and allows for much easier hacking/defacing the site(s) on the
box. If the apache user cannot write to /var/www, a security bug in
the web server won't allow the hacker write access to /var/www, so
less harm done.
roy
--
Roy Sigurd Karlsbakk
(+47) 97542685
roy at karlsbakk.net
http://blogg.karlsbakk.net/
--
I all pedagogikk er det essensielt at pensum presenteres
intelligibelt. Det er et elementært imperativ for alle pedagoger å
unngå eksessiv anvendelse av idiomer med fremmed opprinnelse. I de
fleste tilfeller eksisterer adekvate og relevante synonymer på norsk.
More information about the ubuntu-server
mailing list