httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill -Sx- Jones <sn...@mac.com>
Subject Re: rights
Date Tue, 12 Mar 2002 12:51:35 GMT
On 3/12/02 5:00 AM, "Raúl Villa" <sat@ie3.com> wrote:

> I supose that is to give rwx r-- r-- to all the files. But I have some
> doubts:
> 
> - It this the correct way to protect my site?
> - when I access the server from our internal network (Win XP) I have no
> rights to change files. Actually a change rigths in Linux while I do the
> changes, then I protect again.
> - Is there any way to access via Samba as root to change my html, php ....
> files?
> - In my MySQL data directory wich access rights should I put?


You have many questions which have nothing to do with Apache -

The SMB/filesystem questions depend upon whether anyone can access your
system via Samba - if so, then you may have other security concerns.

The main MySQL issue I am wondering is - do you believe that the UID 0 and
MySQL ID 'root' are the same thing?  They are not.  The MySQL system uses a
completely different ID schema for access, just be careful not to use any
admin level access codes/passwords over the public Internet and a standard
MySQL install should be good.

As far as file bits and security go - I always use

 -r--rw---- nobody:www somefile.html
 dr-xrwx--- nobody:www somedirectory

(The x's above on a directory allow it to become 'searchable' - ICYDK :)


That way I can place other people in the WWW group with r/w access without
giving other unneeded access.  This helps keep the system security more
finely controllable.

It is better to lock a system tight, then unlock things as you become aware
of how any given lock works - and only then if you understand why the lock
may be required in the first place...


HTH;
-Sx-  :]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message