httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hiep Nguyen <>
Subject [users@httpd] security issue
Date Wed, 12 Dec 2007 14:13:37 GMT
hi list,

i installed apache on centos 5 and i have some questions regarding 
security for apache.  i read security tips on and get the idea, 
but still need some advices from guru here.


ServerRoot "/etc/httpd"

User apache
Group apache

DocumentRoot "/var/www/html"

as of now, /var/www/html/ belongs to root user & group.

but i have couple developers here that need to upload files to this folder 
that i don't want to give out the root password.  what should i change 
/var/www/html/ folder to?

i also have a SSI folder (/var/www/html/includes) that i don't want any 
web user to have access to because these includes files contain 
user/password to mysql.

for example, at the beginning of /var/www/html/index.php, i have:

i try to prevent web user doing this:

but at the same time allow apache server to access files in 
/var/www/html/inclues/ folder.

any idea/suggestion.

thank you,
t. hiep

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message