httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve" <>
Subject [users@httpd] Security Issue
Date Fri, 22 Nov 2002 01:49:16 GMT

I have a file in /home/web/master/config.php which contains my hardcoded
mysql password.
The permissions on it are

-rw-r--r-- user group

I need the Others permisson as read so the apache webserver can read the
config.php when i include it..
All the other users on the system will be able to read the file because its
readable by all..
Is there a way to stop this, so users cant read other users files..

I know u can use suEXEC to secure a little bit, but is there anyway other
then using suEXEC?

like locking them in there homedir or something?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message