Hi, I am trying to get a few Content Management Systems up and running. But I have security concerns with respect to them
1) please see following link http://www.dokeos.com/doc/installation_guide.html section 2 says The following directories need to be readable, writeable and executable for everyone: * dokeos/main/inc/conf/ * dokeos/main/upload/users/ * dokeos/main/default_course_document/ * dokeos/archive/ * dokeos/courses/ * dokeos/home/ I am not very happy with this idea of having directories to be readable,writeable and executable for every one. 2) http://doc.claroline.net/en/index.php/Install_general_information the section Rights on folders says " If you don't want to set write access on the whole folders, which is recommended for security reasons, give to the web server user write access on these folders : " Is this a recommended practice.? 3) Also another LMS (Learning Management System) while installing asked to give some folders writeable and executable for every one here is a link http://atutor.ca/atutor/docs/installation.php While installing it I got a message “The directory you specify must be created if it does not already exist and be writeable by the webserver. On Unix machines issue the command chmod a+rwx content, additionally the path may not contain any symbolic links. chmod a+rwx /var/www/atutor/content” 4) Another LMS docebolms asked to give write permissions on files/doceboCore/photo files/common/users files/doceboLms/course files/doceboLms/forum files/doceboLms/item files/doceboLms/message files/doceboLms/project files/doceboLms/scorm files/doceboLms/test I checked its documentation http://www.docebo.org/doceboCms/index.php?mn=docs&op=docs&pi=5_4&folder=7 but was not that helpful. I am not at all convinced by the idea of giving permissions to read,write and execute as these Learning Management Systems say. Let me know what you people have to say? What is the best practise in such situations? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
