[sllug-members]: HTTP Directory Permissions Best Practices
Mike Potter
mike at mikenbob.com
Tue Sep 19 09:38:31 MDT 2006
I have been using apache for a couple years now, and just thought of
this question...
What are the best practices when it comes to the http files directories
and their owners/permissions?
I have a few directories, including my main site, photos, blog,
development, webmail, etc. Who should be the owners of those
directories? What is the best idea for permissions? Many of the
directories are owned by root, and readable by my apache user, but now
that I am attempting to set up a CMS, apache also needs to write to
them. I also am having to su each time I work on my web sites. That is
quite annoying itself. Is there any harm to making all the files in the
main http folder writable by apache and making them part of my personal
group so I can write them as well?
What are you all doing? What is safe? The last thing I need is to be
hacked again. When I started on windoze years ago, my unsecured http
site was hacked within 24 hours.
More information about the sllug-members
mailing list