httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: Security
Date Sun, 22 Sep 2002 16:03:18 GMT
Rich Bowen wrote:

> OK, I'm confused. What here would you have to do as root that should not
> be that way?

I'm not anything near a security expert, but ...

Your permissions keep ordinary users entirely out of the Apache 
directories.  This prevents ordinary users from doing, among other things:

- Running log-analysis programs
- Reading the error log
- Running htpasswd/htdigest/ab and other support programs
- Reading the httpd.conf to check how the server is configured

Now, it could be argued that under some circumstances, an adminstrator 
would not want ordinary users to do those things.  For example, the 
error log could contain sensitive error dumps from cgi scripts.  Or the 
httpd.conf could contain database passwords for php scripts.  But in 
general, a properly configured system should not really need to restrict 
these things.

The philosophy of the existing recommendations is to restrict write 
access tightly, but to allow pretty-much unlimited read access.  I don't 
see this as a bad idea.  Perhaps the docs should note that more 
restrictive read-permissions are possible, but I don't think they need 
to be "recommended".

As far as the log directory, you've already discovered that it works in 
general with the recommended no-write-permissions-to-non-root.  I 
believe there may be some things (like the scriptlog) that don't work 
that way.  For these logs, it is necessary to create the file in advance 
and chown it to www.

Regarding the requirement for mod_mime, I do belive that is some kind of 
a bug.  I recall some discussion of this a long time ago on new-httpd, 
but I can't remember the conclusions.  I'd guess the only way to figure 
it out would be to walk it with a debugger.

So, in conclusion, I like the idea of adding a discussion of how to 
remove features (modules) that aren't needed, and perhaps a little bit 
more discussion of file-permissions.  But I don't really see any need to 
change the recommended file-permissions.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message