httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ksenia Marasanova <kse...@ksenia.nl>
Subject Re: [users@httpd] remote update of the websites
Date Sun, 25 Apr 2004 23:01:37 GMT
>
> It is not less secure as long as you secure the rest of your box.  You 
> could have the server running as nobody and the files owned by a 
> regular user (files mode 644, dirs/CGIs 755).  Having the files owned 
> by a user that cannot log onto the box is ultimately more secure, but 
> makes administration/maintenance more complicated.
>
> Running the server as the same user that owns the files is generally a 
> big no-no.  Even without the write bit on the files and directories, 
> it's probably not as secure as you think it is.
>

Thank you for this information! I guess I've misunderstood 
documentation about the ownership of the files.
Another question: what about file uploads that are made by nobody? How 
can I set default owner to a different user?

thanx
Ksenia.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message