Permissions on /var/www
Jim Tarvid
tarvid at ls.net
Mon Aug 17 16:00:14 UTC 2009
I've found putting the web root in user space preferable to /var/www. Since
many users have multiple websites I place each web tree under
/home/user/public_html.
Still leaves rafts of security question for which I find no complete
solution other than virtual private web servers but if I remove shell and
ftp won't let them browse directories I can find some peace.
On Mon, Aug 17, 2009 at 11:54 AM, Charles Hooper <chooper at plumata.com>wrote:
> IMHO I feel that the current permissions of root:root 755 are
> sufficient. Should a user/application have specific requirements then
> this can be easily changed.
>
> Regards,
> Charles Hooper
>
> Giorgio Zarrelli wrote:
> > Hi,
> >
> >
> > better would be to let the subdir under /var/www to be owned by
> > user.apachegoup and set to 755.
> >
> >
> > This way, each user can manage his contents and apache can only read
> > them and show their contents to visitors.
> >
> >
> > Giorgio
> >
> >
> > Il Monday 17 August 2009 14:18:38 Roy Sigurd Karlsbakk ha scritto:
> > > On 17. aug.. 2009, at 13.43, Armindo Silva wrote:
> > > > Shouldn't be owned by www-data so apache can write there?
> > >
> > > No. Allowing the apache user to change or delete its website is no
> > > good and allows for much easier hacking/defacing the site(s) on the
> > > box. If the apache user cannot write to /var/www, a security bug in
> > > the web server won't allow the hacker write access to /var/www, so
> > > less harm done.
> > >
> > > roy
> > > --
> > > Roy Sigurd Karlsbakk
> > > (+47) 97542685
> > > roy at karlsbakk.net
> > > http://blogg.karlsbakk.net/
> > > --
> > > I all pedagogikk er det essensielt at pensum presenteres
> > > intelligibelt. Det er et elementært imperativ for alle pedagoger å
> > > unngå eksessiv anvendelse av idiomer med fremmed opprinnelse. I de
> > > fleste tilfeller eksisterer adekvate og relevante synonymer på norsk.
> >
> >
> >
>
>
> --
> ubuntu-server mailing list
> ubuntu-server at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>
--
http://ls.net
http://drupal.ls.net
The path to God starts with a simple act of kindness.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20090817/e0d07fee/attachment.html>
More information about the ubuntu-server
mailing list