Am Samstag, 17. Dezember 2005 22:10 schrieb Lucky Leavell:
On Sat, 17 Dec 2005, Christian Boltz wrote:
BTW: Is there a specific reason why you want those files not to be world-readable?
Wouldn't that be a security risk?
No. Almost never. Those files in /srv/www/htdocs are normally public. Why are you running a webserver for them? Even if your webserver has some permission control, the server process must be able to read these files. And if someone breaks apache, he inherits the rights of the apache process. The only situation where you may have to be concerned is if you're running apache with authentication and protected files and additionlly another service, independent of apache. If somebody manages to break into this other service, he eventually can get access to world-readable files there. Write permissions should be avoided if possible, though. Ingo
Thank you, Lucky
-- Ingo Börnig <ingo at boernig.de> /*\ \ / ASCII Ribbon Campaign ask for phone or snail mail X against HTML email / \ GPG-Fingerprint: 2F8B DDFB F2A8 155A 206D 2969 F8FB 3C63 2033 BF32