httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Godrej <jamesgod...@yahoo.in>
Subject [users@httpd] giving write permissions to apache user on some folders in document root
Date Thu, 03 Feb 2011 19:48:42 GMT
Hi,
I am trying to get a few Content Management Systems up and running.
But I have security concerns with respect to them  

1) please see following link
   http://www.dokeos.com/doc/installation_guide.html section 2 says
 The following directories need to be readable, writeable and executable for  
everyone: 


    * dokeos/main/inc/conf/
    * dokeos/main/upload/users/
    * dokeos/main/default_course_document/
    * dokeos/archive/
    * dokeos/courses/
    * dokeos/home/

I am not very happy with this idea of having directories to be 
readable,writeable and executable for every one.

2) http://doc.claroline.net/en/index.php/Install_general_information

the section
 Rights on folders  says

" If you don't want to set write access on the whole folders, which is 
recommended for security reasons, give to the web server user write access on 
these folders : "

Is this a recommended practice.?

3) Also another LMS (Learning Management System) while installing asked to give 
some folders writeable and executable for every one
here is a link
http://atutor.ca/atutor/docs/installation.php 
While installing it I got a message 

     “The directory you specify must be created if it does not already exist     
and be writeable by the webserver. On Unix machines issue the command chmod 
a+rwx content, additionally the path may not contain any symbolic links.
    chmod a+rwx /var/www/atutor/content”
 
 

4) Another LMS docebolms asked to give write permissions on 
 files/doceboCore/photo
files/common/users
files/doceboLms/course
files/doceboLms/forum
files/doceboLms/item
files/doceboLms/message
files/doceboLms/project
files/doceboLms/scorm
files/doceboLms/test
 
I checked its documentation
http://www.docebo.org/doceboCms/index.php?mn=docs&op=docs&pi=5_4&folder=7
but was not that helpful.

I am not at all convinced by the idea of giving permissions to read,write and 
execute as these Learning Management Systems say.
Let me know what you people have to say?
What is the best practise in such situations?




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message