Noah Duffy wrote:
> Bob Proulx wrote:
> > Sorry for the long rant. I rarely get down to this mailing list in my
> > reading. I did today and your discussion thread caught my attention
> > and I was compelled to comment upon it.
>
> I had to read your response twice. It was loaded with more helpf
On Aug 8, 2013, at 5:33 PM, Bob Proulx wrote:
> Sorry for the long rant. I rarely get down to this mailing list in my
> reading. I did today and your discussion thread caught my attention
> and I was compelled to comment upon it.
I had to read your response twice. It was loaded with more helpf
Noah Duffy wrote:
> WordPress may be a bad example, but here's what I'm trying to accomplish:
If nothing else it is extremely popular.
> When installing, there are just a few files and directories which
> contain the pages and PHP. Upon first visit, it has you enter your
> admin password and then
On Aug 8, 2013, at 12:20 PM, John Iliffe wrote:
> Apache has to start as root so it can get permission on the socket
> (presumably 80). It then does an su to the uid it runs under. Could be
> apache but you can have anything you want. It does not need write or
> execute on any of the page d
Apache has to start as root so it can get permission on the socket
(presumably 80). It then does an su to the uid it runs under. Could be
apache but you can have anything you want. It does not need write or
execute on any of the page directories just read. They could be owned by
you or you
On Aug 7, 2013, at 6:36 PM, Yehuda Katz wrote:
> Check out how the default configuration of apache works on Debian/Ubuntu.
> They run as the user www-data and have the correct permissions set on the
> /var/www folder.
I'm running Ubuntu Server 12.04 and just checked the default permissions on
Do not run Apache as yourself. If it (or any application it runs as a
module - like PHP if you use mod_php) is compromised, it will be able to
modify your personal files.
Most people run apache as www-data (or similar) in a dedicated directory.
Check out how the default configuration of apache wor
I've tinkered with running a website using Apache on Linux for a few
years now, but in my earlier days, I was a little naive and didn't pay
too much attention to permissions.
Now that I'd like to host a very small site on a home server, I'm trying
to take security seriously. I know I could easily
