OS: SuSE 10.0 Pro
I recently installed PostfixAdmin 3.1 doing the install as root and changed file permissions to 640 per the instructions. However, I cannot access it unless I make the files world readable (644).
Question: What owner:group should applications be installed as under /srv/www/htdocs? I currently have phpMyAdmin and PostfixAdmin.
Thank you, Lucky Leavell
Lucky Leavell wrote:
OS: SuSE 10.0 Pro
I recently installed PostfixAdmin 3.1 doing the install as root and changed file permissions to 640 per the instructions. However, I cannot access it unless I make the files world readable (644).
Question: What owner:group should applications be installed as under /srv/www/htdocs? I currently have phpMyAdmin and PostfixAdmin.
Thank you, Lucky Leavell
Lucky,
The user or group that the web server runs as must have read permissions to the files.
-Brandon
Hello,
Am Samstag, 17. Dezember 2005 20:46 schrieb Lucky Leavell:
OS: SuSE 10.0 Pro
I recently installed PostfixAdmin 3.1 doing the install as root and changed file permissions to 640 per the instructions. However, I cannot access it unless I make the files world readable (644).
Question: What owner:group should applications be installed as under /srv/www/htdocs? I currently have phpMyAdmin and PostfixAdmin.
Apache usually runs as user "wwwrun", group "www".
Unless you have a really good reason, I would not recommend to "chown wwwrun" the files - doing so will also give write permissions to these files (which can be a possible security risk)
"chgrp www" (with perms 640/750 for directories) does what you ask for.
BTW: Is there a specific reason why you want those files not to be world-readable?
Regards,
Christian Boltz
Am Samstag, 17. Dezember 2005 22:10 schrieb Lucky Leavell:
On Sat, 17 Dec 2005, Christian Boltz wrote:
BTW: Is there a specific reason why you want those files not to be world-readable?
Wouldn't that be a security risk?
No. Almost never. Those files in /srv/www/htdocs are normally public. Why are you running a webserver for them?
Even if your webserver has some permission control, the server process must be able to read these files. And if someone breaks apache, he inherits the rights of the apache process.
The only situation where you may have to be concerned is if you're running apache with authentication and protected files and additionlly another service, independent of apache. If somebody manages to break into this other service, he eventually can get access to world-readable files there.
Write permissions should be avoided if possible, though.
Ingo
Thank you, Lucky
-
Brandon Hines -
Christian Boltz -
Ingo Boernig -
Lucky Leavell