httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "TD - Sales International Holland B.V." ...@salesint.com>
Subject Re: Permissions
Date Thu, 10 Jan 2002 21:26:32 GMT
On Wednesday 09 January 2002 18:07, you wrote:

I would consider that a security consious decision. Now you can set files to 
user <user> group apache other to rw-r----- so then the user (creator) of the 
file can read it, apache can read it, the rest of the world can't. Otherwise 
you either have to chmod the files to apache, in which case you loose rights 
over them, or had to set the group to nogroup which everybody is a member of 
and can thus access your files, or just had to make them plain world 
readable, which in my opinion is bad, especially with scripts that contain 
passwords.

Regards


> > The main thing to keep in mind is that your web server
> > probably runs as user 'nobody' (check httpd.conf to make
> > sure).
>
> It's set to run as apache in the apache group. Is this ok?
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message