httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject AW: [users@httpd] Re: Running webserver as apache?
Date Fri, 11 Apr 2008 14:27:28 GMT
Hi Mandy,
> I need to know if its a good idea to run webserver as
> user 'apache', have all files in webroot owned by user 
> apache and perms 644?
It's not exactly a good idea, but if you are in a situation 
where the advantage outweighs the problems, then go ahead.
> Would this still mean that if server runs as apache 
> and it has read/write access, someone could take 
> advantage of loop holes on the site and overwrite 
> some files on our site?
Simply speaking yes.
You may also want to look into the mod_suexec.
Christian Folini

View raw message