httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "j k" <jonnyk...@gmail.com>
Subject Re: [users@httpd] Re: Running webserver as apache?
Date Fri, 11 Apr 2008 18:14:56 GMT
On Fri, Apr 11, 2008 at 7:27 AM, <christian.folini@post.ch> wrote:

>  Hi Mandy,
>
> > I need to know if its a good idea to run webserver as
> > user 'apache', have all files in webroot owned by user
> > apache and perms 644?
>
> It's not exactly a good idea, but if you are in a situation
> where the advantage outweighs the problems, then go ahead.
>
> > Would this still mean that if server runs as apache
> > and it has read/write access, someone could take
> > advantage of loop holes on the site and overwrite
> > some files on our site?
>
> Simply speaking yes.
>
> You may also want to look into the mod_suexec.
>
> regs,
>
> Christian Folini
>
 Hi Christian,

could you point us to any discussion on this topic. I'm interested to know
the pros and cons.

Thanks
Jonny

Mime
View raw message