httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wim Lewis <w...@omnigroup.com>
Subject Re: [users@httpd] Apache permissions stabs new Linux user in face with icepick. Suggestions?
Date Thu, 10 Mar 2016 03:14:53 GMT

On Mar 9, 2016, at 6:38 PM, Francis Roy <lists@unimportantstuff.com> wrote:
> Thank you that answers my question quite nicely. It's not a giant flag waving at the
internet, but if someone got a hold of my machine directly, it could provide a small bit of
information used in a general strategy.

Right. It's not automatically unsafe to allow other users to see your mounted disks' contents[1],
but the casual user's expectation is that user A can't tell what files user B has, so the
default setup is to disallow that.

But if you *want* to expose some files to other users (in this case, to the "_www" user that
Apache runs as) then it's reasonable to give them execute (aka search) and possibly read permission.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message