I've found putting the web root in user space preferable to /var/www. Since many users have multiple websites I place each web tree under /home/user/public_html.
Still leaves rafts of security question for which I find no complete solution other than virtual private web servers but if I remove shell and ftp won't let them browse directories I can find some peace. On Mon, Aug 17, 2009 at 11:54 AM, Charles Hooper <choo...@plumata.com>wrote: > IMHO I feel that the current permissions of root:root 755 are > sufficient. Should a user/application have specific requirements then > this can be easily changed. > > Regards, > Charles Hooper > > Giorgio Zarrelli wrote: > > Hi, > > > > > > better would be to let the subdir under /var/www to be owned by > > user.apachegoup and set to 755. > > > > > > This way, each user can manage his contents and apache can only read > > them and show their contents to visitors. > > > > > > Giorgio > > > > > > Il Monday 17 August 2009 14:18:38 Roy Sigurd Karlsbakk ha scritto: > > > On 17. aug.. 2009, at 13.43, Armindo Silva wrote: > > > > Shouldn't be owned by www-data so apache can write there? > > > > > > No. Allowing the apache user to change or delete its website is no > > > good and allows for much easier hacking/defacing the site(s) on the > > > box. If the apache user cannot write to /var/www, a security bug in > > > the web server won't allow the hacker write access to /var/www, so > > > less harm done. > > > > > > roy > > > -- > > > Roy Sigurd Karlsbakk > > > (+47) 97542685 > > > r...@karlsbakk.net > > > http://blogg.karlsbakk.net/ > > > -- > > > I all pedagogikk er det essensielt at pensum presenteres > > > intelligibelt. Det er et elementært imperativ for alle pedagoger å > > > unngå eksessiv anvendelse av idiomer med fremmed opprinnelse. I de > > > fleste tilfeller eksisterer adekvate og relevante synonymer på norsk. > > > > > > > > > -- > ubuntu-server mailing list > ubuntu-server@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server > More info: https://wiki.ubuntu.com/ServerTeam > -- http://ls.net http://drupal.ls.net The path to God starts with a simple act of kindness.
-- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam