 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
eric c wrote:
> Hi all. I'm moving from a shared web host to rolling my own. Getting
> everything running was so easy I'm nervous! In particular I would like
> to make sure PHP / httpd stay within /srv/www/html.
In your httpd.conf, you should have a block like:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
That blocks reading of anything not specifically later allowed. You
should have a later have a <Directory "/srv/www/html"> block that allows
access to that directory and below.
> Am I running an
> additional risk by having the owner of the files within that directory
> being a user other than root? The intersection of php / httpd / selinux
> permissions are currently unclear, any suggested reading? Many thanks!
> - Eric C.
/srv/www/html (and everything under it) shouldn't be owned by root, it
should be owned by whatever user apache runs as (usually "apache" or
"nobody"). Anything that can be read-only should be.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.blu.org/mailman/listinfo/discuss
