freelifez
05-17-2007, 08:00 AM
Hello,
This is a complete newbie question but is there any danger involved in having web files owned by apache?
This is a complete newbie question but is there any danger involved in having web files owned by apache?
Click to See Complete Forum and Search --> : ownership apache
je_fro
05-17-2007, 11:33 AM
Well, I don't have them owned by apache, but they belong to the apache group and I haven't been hacked yet...
/me crosses fingers...
/me crosses fingers...
HughA
05-19-2007, 04:33 AM
Hello freelifez,
I have read that it is preferable to have your files owned by a different user than httpd runs under (which, by default, is apache). The rationale given for this is that is stops a lot of common web defacement attacks cold - so yes, it is better if files are not owned by apache. (Je_fro, I assume that given this reasoning the same caveat would apply to the apache group).
Have a look at the Apache security scoring tool and related documentation at http://www.cisecurity.com/bench_apache.html - this is where I found this and many other helpful insights and recommendations.
Best Regards,
Hugh
I have read that it is preferable to have your files owned by a different user than httpd runs under (which, by default, is apache). The rationale given for this is that is stops a lot of common web defacement attacks cold - so yes, it is better if files are not owned by apache. (Je_fro, I assume that given this reasoning the same caveat would apply to the apache group).
Have a look at the Apache security scoring tool and related documentation at http://www.cisecurity.com/bench_apache.html - this is where I found this and many other helpful insights and recommendations.
Best Regards,
Hugh
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.