So if I understand correctly, the following procedure should result in a relatively secure setup?
My user account is frank. So what I should do is: 1. Run HTTPD with user: apache, group: apache 2. Install Coldfusion to /opt/coldfusion8 as frank. Use "apache" as the runtime user when asked at install. Give group ownership to "apache" for those parts of /opt/coldfusion9 that need it (WEB-INF, etc). 3. use /var/www as my document root. Give ownership of all files and directories here to user:frank (so I can modify them), group:apache (so httpd and CF can read them). Permissions: Read+Write for Frank, Read for apache (644 files,755 dirs). Give additional write access for apache in specific locations throughout /var/www where CFFILE / cfcache / file upload etc will need runtime access to write. Does this sound right? Thanks >Not only does /home/frank/www need to be readable by apache, all >parent directories need to be as well. So what you have is a rather >insecure setup, because the server daemon has access to your home >directory. More preferable would be to have a directory dedicated to >webapps (on RedHat and derivatives that's /var/www) which is owned by >your web server user (apache) and isolated from any individual user >account. > >As you have it right now, the CF installer should be givien 'apache' >for the group to run as. Also, CF needs write access to various >things within it's webroot, so you'll need to grant it that access. I >don't have an exhaustive list, but at the very least >/WEB-INF/cfclasses and /WEB-INF/cfusion/lib/ which house compiled CF >templates and the administrator settings respectively. There are some >more folders related to CFFORM and other stuff as well. > >cheers, >barneyb > > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-linux/message.cfm/messageid:4564 Subscription: http://www.houseoffusion.com/groups/cf-linux/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-linux/unsubscribe.cfm
