Discussion:
documentroot ownership and permissions
(too old to reply)
s***@lavabit.com
2013-01-11 04:54:58 UTC
Permalink
In Apache web server, what user and group should own the documentroot? What permissions should it have? Should it be the user that runs the the apache web server? If not and the web server includes the php module, and php writes to a file - should the file be under the documentroot or outside of it? Thanks.
patpro ~ patrick proniewski
2013-01-11 05:45:31 UTC
Permalink
Post by s***@lavabit.com
In Apache web server, what user and group should own the documentroot? What
permissions should it have? Should it be the user that runs the the apache
web server? If not and the web server includes the php module, and php writes
to a file - should the file be under the documentroot or outside of it?
Thanks.
It's only a matter of security:

- apache user should own as few things as possible, especially if a
scripting language is involved
- actions of the web server (read/write/exec) should be limited to the
minimum

The more you allow to Apache user, the more damages a hacker exploiting
a vulnerability in your php application can do.

patpro
--
photo http://photo.patpro.net/
blog http://www.patpro.net/
Continue reading on narkive:
Loading...