httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ksenia Marasanova <>
Subject Re: [users@httpd] remote update of the websites
Date Sun, 25 Apr 2004 23:01:37 GMT
> It is not less secure as long as you secure the rest of your box.  You 
> could have the server running as nobody and the files owned by a 
> regular user (files mode 644, dirs/CGIs 755).  Having the files owned 
> by a user that cannot log onto the box is ultimately more secure, but 
> makes administration/maintenance more complicated.
> Running the server as the same user that owns the files is generally a 
> big no-no.  Even without the write bit on the files and directories, 
> it's probably not as secure as you think it is.

Thank you for this information! I guess I've misunderstood 
documentation about the ownership of the files.
Another question: what about file uploads that are made by nobody? How 
can I set default owner to a different user?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message