Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 38760 invoked by uid 500); 12 Mar 2002 12:51:40 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 38749 invoked from network); 12 Mar 2002 12:51:39 -0000 Received: from smtpout.mac.com (204.179.120.88) by daedalus.apache.org with SMTP; 12 Mar 2002 12:51:39 -0000 Received: from smtp-relay02.mac.com (server-source-si02 [10.13.10.6]) by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id g2CCpe7M004784 for ; Tue, 12 Mar 2002 04:51:40 -0800 (PST) Received: from asmtp01.mac.com ([10.13.10.65]) by smtp-relay02.mac.com (Netscape Messaging Server 4.15 relay02 Jun 21 2001 23:53:48) with ESMTP id GSV2E300.N43 for ; Tue, 12 Mar 2002 04:51:40 -0800 Received: from [207.203.95.65] ([207.203.95.65]) by asmtp01.mac.com (Netscape Messaging Server 4.15 asmtp01 Jun 21 2001 23:53:48) with ESMTP id GSV2E300.O83 for ; Tue, 12 Mar 2002 04:51:39 -0800 User-Agent: Microsoft-Entourage/10.0.0.1331 Date: Tue, 12 Mar 2002 07:51:35 -0500 Subject: Re: rights From: Bill -Sx- Jones To: Message-ID: In-Reply-To: <004d01c1c9ac$c9ad72f0$e702c7c7@raulsq3sr1geej> Mime-version: 1.0 X-Sender: -Sx- IUDICIUM X-Origin: OuterLimits Content-type: text/plain; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N On 3/12/02 5:00 AM, "Ra=FAl Villa" wrote: > I supose that is to give rwx r-- r-- to all the files. But I have some > doubts: >=20 > - It this the correct way to protect my site? > - when I access the server from our internal network (Win XP) I have no > rights to change files. Actually a change rigths in Linux while I do the > changes, then I protect again. > - Is there any way to access via Samba as root to change my html, php ...= . > files? > - In my MySQL data directory wich access rights should I put? You have many questions which have nothing to do with Apache - The SMB/filesystem questions depend upon whether anyone can access your system via Samba - if so, then you may have other security concerns. The main MySQL issue I am wondering is - do you believe that the UID 0 and MySQL ID 'root' are the same thing? They are not. The MySQL system uses a completely different ID schema for access, just be careful not to use any admin level access codes/passwords over the public Internet and a standard MySQL install should be good. As far as file bits and security go - I always use -r--rw---- nobody:www somefile.html dr-xrwx--- nobody:www somedirectory (The x's above on a directory allow it to become 'searchable' - ICYDK :) That way I can place other people in the WWW group with r/w access without giving other unneeded access. This helps keep the system security more finely controllable. It is better to lock a system tight, then unlock things as you become aware of how any given lock works - and only then if you understand why the lock may be required in the first place... HTH; -Sx- :] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org