httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jupiter <jupiter....@gmail.com>
Subject Re: [users@httpd] apache access permission
Date Thu, 18 Oct 2012 09:56:55 GMT
Thanks Mark.

On 10/17/12, Mark Montague <mark@catseye.org> wrote:
> Also, are you sure you have no home directory for the user "apache"?  On
> CentOS systems, if you check in the sixth field of the /etc/passwd entry
> for user "apache", you should see a home directory of /var/www

Yes, you are right.

> For the ssh key, it is important to keep it secure.  Anyone who gets
> this key can use it to log in to any system that trusts the key.  So it
> is best to have the key be single-purpose, used only for your PHP web
> application and not for anything else.  If the key already exists (that
> is, it was not created just for the use of this PHP web application) and
> is owned by another user, then that is not great and by letting the user
> "apache" read (a copy of) the key you may be doing something dangerous.

The key is only used by PHP web application, so the apache owns that key.

> it would be very bad if your DocumentRoot were /var/www for some reason,
> as you'd then be making your ssh key available to anyone who could
> access your web site).

Are you saying that the apache home directory is in /var/www which
cannot be changed, but the DocumentRoot should be changed to any other
directory other than /var/www? The DocumentRoot should not be the same
directory as the apache home directory for the security reason.

Thank you.

Kind regards.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message