httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <christian.fol...@post.ch>
Subject AW: [users@httpd] Re: Running webserver as apache?
Date Fri, 11 Apr 2008 14:27:28 GMT
Hi Mandy,
 
> I need to know if its a good idea to run webserver as
> user 'apache', have all files in webroot owned by user 
> apache and perms 644?
 
It's not exactly a good idea, but if you are in a situation 
where the advantage outweighs the problems, then go ahead.
 
> Would this still mean that if server runs as apache 
> and it has read/write access, someone could take 
> advantage of loop holes on the site and overwrite 
> some files on our site?
 
Simply speaking yes.
 
You may also want to look into the mod_suexec.
 
regs,
 
Christian Folini

Mime
View raw message