Darrell May wrote:
> # Administration: phpmyadmin > Alias /phpmyadmin /opt/administration/phpmyadmin > <Directory /opt/administration/phpmyadmin> > RequireSSL on So you will only be able to assecc this using SSL? How do you allow "dual" access? Like with webmail! > Options -Indexes What does this do? > AllowOverride None > order deny,allow > deny from all > allow from all > AuthName "phpMyAdmin" > AuthType Basic > AuthExternal pwauth > require user admin Can you specify a particular user i.e. bfriedman? I assume they have to be a user on SME. > Satisfy all > AddType application/x-httpd-php .php .php3 > php_flag magic_quotes_gpc on > php_flag track_vars on I have seen this mentioned in some applications. Some ask to turn it off! Just RTFM before right? > </Directory> > > Here is an example of forcing SSL and locking access to multiple defined > user/passwords: > > <Directory /opt/developers> > RequireSSL on > Options -Indexes > AllowOverride None > order deny,allow > deny from all > allow from all > AuthName "Restricted Developer Access Only" > AuthType Basic > AuthUserFile /etc/httpd/conf/htpasswd.developers > Require valid-user > AddType application/x-httpd-php .php .php3 > php_flag magic_quotes_gpc on > php_flag track_vars on > </Directory> Ok got it! >>3. Directory ownership - Who should be the owner of this directory? www >>or root:shared? Why? >> > > The goal is to be restrictive and only permit access where access is > directly needed. In this case www:www is not the best choice. Keep the > majority of your files set root:root and either 640 or 644 which simply adds > global read. Only files that your app MUST write to should be set www:www > and this is where you need to be careful. In other word, RTFM for the app. Do you want to give global read right? >>4. Access right? - chmod ? 755 should be ok? >> > > 7 adds executable and this should be avoided. It is only necessary for > binary files and scripts. How ever be careful as dirctories usually require > 755 so make sure you do not chmod -R 640 *. Use the find command to change > only files. > > # find . -type f -name "*" -exec chmod 640 {} \; I see this is going to be more complicated than I first though.What I think I will do is write a generic guideline. Rather than a howto, these are thing that should be in the SME manual! -- Regards Brandon Friedman Cell:083 408 7840 E-mail: [EMAIL PROTECTED] www.bfconsult.co.za -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org