httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Stahr" <da...@prairiesys.com>
Subject RE: [users@httpd] More problems
Date Wed, 02 Oct 2002 15:38:48 GMT
> So I create a new user say apache and then change all files 
> in apache2 directory so they are owned by the new user ???? 
The user httpd runs as doesn't necessarily have to own the files, and
probably really shouldn't.  It just needs to be able to READ them
(execute for CGI).  You really shouldn't have anything writable in your
DocumentRoot, as a rule of thumb.

> can I change all files so the are owned by root so in essence 
> apache will run as root ???
Uhmmm....yes, you technically *can* -- but that would be a VERY VERY bad
idea.  It would be like putting up a big sign in your front yard when
you leave for vacation saying:
"HEY NO ONE IS HOME, COME TAKE WHATEVER YOU WANT!"

Now, in certain implementations it's not that big of a deal, and I'm
doing it myself on a server that's locked down on a LAN with only
trusted users accessing it, but in a normal scenario you really don't
want to do it.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message