On Jul 29, 2010, at 8:35 PM, James Godrej wrote:
> This I understand.
> But then do other users not need read write permissions.
> There is hardly any thing given on this page
> http://httpd.apache.org/docs/trunk/misc/security_tips.html#serverroot
> You mentioned ServerRoot not be chowned to Apache.
> But if not then to what should it be and there is nothing about
> Document Root to be chowned ?
> Who should own the Document Root there are many applications I
> download from internet in their README pages it says
> to chown those directories to apache.
> Otherwise it never worked.
> What should I do in this situation?
If an application tells you you must chown it to Apache, then that's a
clear indication that the authors of that application have no concern
for security, and the application should be avoided.
--
Rich Bowen
rbowen@rcbowen.com
|