httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject RE: Best way to do this
Date Sun, 30 Dec 2001 01:26:18 GMT

> From: Richard Shade [mailto:rshade98@hotmail.com]

> I believe that apache should be owned by a non root user such as
> apache,nobody,ncsa,httpd or johndoe with no permission to login
> then point
> the doc root to whatever you want.

Hmmm... We are being a little vague when we talk about "apache" being owned
by a paritcular user.   If we are talking about the apache binary, then it
should *not* be owned by an unpriveleged user.  It should be owned by root.
The "User" and "Group" specified in httpd.conf should be set to an
unpriveleged user, but that is a very different thing.

For more details:
http://httpd.apache.org/docs/misc/security_tips.html

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message