Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: php: /var/www/html & file owner



 eric c wrote: 
> Hi all.  I'm moving from a shared web host to rolling my own.  Getting 
> everything running was so easy I'm nervous!  In particular I would like 
> to make sure PHP / httpd stay within /var/www/html.   

In your httpd.conf, you should have a block like: 
<Directory /> 
     Options FollowSymLinks 
     AllowOverride None 
</Directory> 

That blocks reading of anything not specifically later allowed.  You 
should have a later have a <Directory "/var/www/html"> block that allows 
access to that directory and below. 

> Am I running an 
> additional risk by having the owner of the files within that directory 
> being a user other than root?  The intersection of php / httpd / selinux 
> permissions are currently unclear, any suggested reading?  Many thanks! 
> - Eric C. 

/var/www/html (and everything under it) shouldn't be owned by root, it 
should be owned by whatever user apache runs as (usually "apache" or 
"nobody").  Anything that can be read-only should be. 


-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

_______________________________________________ 
Discuss mailing list 
[hidden email] 
http://lists.blu.org/mailman/listinfo/discuss
 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org