[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: apache
you only need 711, and setting it to 711 would increase security.
4/19/2002 5:41:04 PM, "Casey Boone" <ophidian@mychoice.net> wrote:
>well setting 755 worked great
>
>sweet
>
>i miss acl's *sniffle*
>
>Casey
>
>-----Original Message-----
>From: silug-discuss-owner@silug.org
>[mailto:silug-discuss-owner@silug.org]On Behalf Of Casey Boone
>Sent: Friday, April 19, 2002 9:11 AM
>To: silug-discuss@silug.org
>Subject: Re: apache
>
>
>
>yeah i had the 644 on everything down to the dir i used as root, but i didnt
>know about the execute bit's behavior on folders. i always wondered if it
>did anything, as "executing" a directory didnt make a whole lot of sense to
>me :)
>
>i should have some time tonight to finally get to work on it again
>
>Casey
>
>
>-----Original Message-----
>From: silug-discuss-owner@silug.org
>[mailto:silug-discuss-owner@silug.org]On Behalf Of Mike808
>Sent: Wednesday, April 17, 2002 8:30 PM
>To: silug-discuss@silug.org
>Subject: Re: apache
>
>
>Casey Boone wrote:
>> i set the folder to at least 644 permissions for each folder down until
>the
>> folder that was supposed to be the root for the virtual host
>>
>> index.html file was also set 644
>
>chmod 644 index.html ==> rw-r--r-- ==> u=rw,g=r,o=r
>
>That's fine for files. For directories, you also need *execute* permissions.
>
>So, on the folders, you should set permissions to 755.
>
>chmod 755 public_html ==> rwxr-xr-x ==> u=rwx,g=rx,o=rx
>
>Read permissions on a directory let you read the contents.
>Execute permissions let you *traverse* the directory (i.e. into its
>subdirectories).
>
>And if you are talking about a user's home directory, you will need to have
>the following permissions for the directories:
>
>$ ls -ld /home /home/user /home/user/public_html
>rwxr-xr-x 1 root sys ... /home
>rwxr-xr-x 1 user user ... /home/user
>rwxr-xr-x 1 user user ... /home/user/public_html
>
>The reason is that in order to *get to* /home/user/public_html, you must
>first
>be able to traverse both /home and /home/user. If the web user runs as
>'nobody' or 'web', then they are likely not in the sys or users groups.
>Hence, the effective permissions of 'other' when traversing the filesystem
>to get to your web pages.
>
>So, if you think this compromises your home directory, then you will need
>to reconfigure Apache to use a different 'root' directory for users that is
>not their home directories. Some people don't like their home directories
>being exposed for all to see what's inside. i.e. pr0n, mp3z, oggz, etc.
>
>ObStarWars: http://atomfilms.shockwave.com/afassets/flash/gangsta.swf
>
>Mike808/
>--
>perl -le "$_='7284254074:0930970:H4012816';tr[0->][ BOPEN!SMUT];print"
>
>-
>To unsubscribe, send email to majordomo@silug.org with
>"unsubscribe silug-discuss" in the body.
>
>
>-
>To unsubscribe, send email to majordomo@silug.org with
>"unsubscribe silug-discuss" in the body.
>
>
>-
>To unsubscribe, send email to majordomo@silug.org with
>"unsubscribe silug-discuss" in the body.
>
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.
- References:
- Re: apache
- From: "Casey Boone" <ophidian@mychoice.net>