Mailinglist Archive: opensuse-security (138 mails)

< Previous Next >
Re: [suse-security] Ownership of Directories/Files under /srv/www/htdocs
  • From: Christian Boltz <suse-security@xxxxxxxxx>
  • Date: Sat, 17 Dec 2005 22:04:44 +0100
  • Message-id: <200512172204.45126@xxxxxxxxxxxxxxx>
Hello,

Am Samstag, 17. Dezember 2005 20:46 schrieb Lucky Leavell:
> OS: SuSE 10.0 Pro
>
> I recently installed PostfixAdmin 3.1 doing the install as root and
> changed file permissions to 640 per the instructions. However, I
> cannot access it unless I make the files world readable (644).
>
> Question: What owner:group should applications be installed as under
> /srv/www/htdocs? I currently have phpMyAdmin and PostfixAdmin.

Apache usually runs as user "wwwrun", group "www".

Unless you have a really good reason, I would not recommend to "chown
wwwrun" the files - doing so will also give write permissions to these
files (which can be a possible security risk)

"chgrp www" (with perms 640/750 for directories) does what you ask for.

BTW: Is there a specific reason why you want those files not to be
world-readable?


Regards,

Christian Boltz
--
Das wird mit TCPA alles vorbei sein. Nicht, dass Windows dann stabiler
läuft, aber auch die Abstürze sind zertifiziert.
[Matthias Houdek in linux-liste]

< Previous Next >
Follow Ups
References