httpd-users mailing list archives

From jupiter <>
Subject Re: [users@httpd] apache access permission
Date Thu, 18 Oct 2012 09:56:55 GMT
Thanks Mark.

On 10/17/12, Mark Montague <> wrote:
> Also, are you sure you have no home directory for the user "apache"?  On
> CentOS systems, if you check in the sixth field of the /etc/passwd entry
> for user "apache", you should see a home directory of /var/www

Yes, you are right.

> For the ssh key, it is important to keep it secure.  Anyone who gets
> this key can use it to log in to any system that trusts the key.  So it
> is best to have the key be single-purpose, used only for your PHP web
> application and not for anything else.  If the key already exists (that
> is, it was not created just for the use of this PHP web application) and
> is owned by another user, then that is not great and by letting the user
> "apache" read (a copy of) the key you may be doing something dangerous.

The key is only used by the PHP web application, so apache owns that key.

> it would be very bad if your DocumentRoot were /var/www for some reason,
> as you'd then be making your ssh key available to anyone who could
> access your web site).

Are you saying that the apache home directory is in /var/www which
cannot be changed, but the DocumentRoot should be changed to any other
directory other than /var/www? The DocumentRoot should not be the same
directory as the apache home directory for security reasons.

Thank you.

Kind regards.
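
The check discussed in this message, as an added example that is not part of the original e-mail or of Apache httpd: it reads the home directory from the sixth passwd field, then tests whether a key stored under it falls inside any DocumentRoot and whether the key is readable only by its owner. The function names, the key file name `id_app` and the scratch layout are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: is the PHP application's private key reachable through the web server?

# home_of USER PASSWD_FILE: print the sixth field (home directory) of USER's entry.
home_of() {
    awk -F: -v u="$1" '$1 == u { print $6 }' "$2"
}

# docroots CONF: print each DocumentRoot value found in an httpd config file.
# Simplification: paths containing spaces are not handled.
docroots() {
    awk 'tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2 }' "$1"
}

# key_exposed KEY CONF: succeed (0) if KEY lies inside any DocumentRoot in CONF.
# Both paths are resolved with pwd -P so symlinked directories are compared fairly.
key_exposed() {
    key=$(cd "$(dirname "$1")" && pwd -P)/$(basename "$1")
    docroots "$2" | (
        while IFS= read -r root; do
            real=$(cd "$root" 2>/dev/null && pwd -P) || continue
            case "$key" in "$real"/*) exit 0 ;; esac
        done
        exit 1
    )
}

# key_mode_ok KEY: succeed (0) if group and other have no permission bits on KEY.
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample layout in a scratch directory (not taken from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/var/www/html" "$demo/var/www/.ssh"
: > "$demo/var/www/.ssh/id_app"; chmod 600 "$demo/var/www/.ssh/id_app"
echo "apache:x:48:48:Apache:$demo/var/www:/sbin/nologin" > "$demo/passwd"
echo "DocumentRoot \"$demo/var/www/html\"" > "$demo/good.conf"
echo "DocumentRoot \"$demo/var/www\"" > "$demo/bad.conf"

for conf in good.conf bad.conf; do
    if key_exposed "$(home_of apache "$demo/passwd")/.ssh/id_app" "$demo/$conf"; then
        echo "$conf: key is inside DocumentRoot"
    else
        echo "$conf: key is outside DocumentRoot"
    fi
done
key_mode_ok "$demo/var/www/.ssh/id_app" && echo "key mode: owner-only"
```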
