1827703 Members
2875 Online
109967 Solutions
New Discussion

Apache question

 
SOLVED
Go to solution
Gary Glick
Frequent Advisor

Apache question

I have a question regarding ownership of the directory that contains the page files.

Server OS:Fedora Core 2
Apache: 2.0.52
Web page root dir: /home/www
There are several virtual host web pages hosted on this one server each has its own directory under /home/www.

Currently the ownership of the files and directories varies between root and a user that no longer works here. I have been asked to clean up the ownerships.

Question: Are there standard practices for assigning ownerships to the web page files.

Any guidance would be most helpful. I can provide more information on the servers configuration if needed.

Thank you.

Gary Glick

6 REPLIES 6
Ivan Ferreira
Honored Contributor

Re: Apache question

This really depends of the web pages served. The minimal permissions are those required to allow the apache user read the files.

For example, if httpd runs as user apache, group apache (check the User and Group directives in your conf file), then your files can be owned by root:apache with 644 permissions and directories with 755 permissions.

You can use the find command to change the permissions:

chown -R root.apache /home/www
find /home/www -type f -exec chmod 644 {} \;
find /home/www -type d -exec chmod 755 {} \;
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Gary Glick
Frequent Advisor

Re: Apache question

Thank you for the prompt reply.
I'll give your suggestion a try.

In your suggestion:
chown -R root.apache /home/www
find /home/www -type f -exec chmod 644 {} \;
find /home/www -type d -exec chmod 755 {} \;

I think the chown command needs to be root:apache.

I'll send some points your way shortly.

thanks again.
A. Clay Stephenson
Acclaimed Contributor

Re: Apache question

Yes, the chown parameters should be root:apache rather than root.apache.
If it ain't broke, I can fix that.
Ivan Ferreira
Honored Contributor

Re: Apache question

In Linux normally you can use:

chown user.group

Or

chown user:group

This won't work in other Unix flavors
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Steven E. Protter
Exalted Contributor
Solution

Re: Apache question

Shalom,

Best that pages in an httpd server not be owned by root.

Executable code within the page could more easily get root privledges if the page is attacked.

Generally I like all web pages owned by non-priviledged users who can't do anything bad to the system. Generally its the user associated with the user that is posting the content.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Gary Glick
Frequent Advisor

Re: Apache question

Thank you all for your help.
I have been able to get the ownership/ permissions issues resolved.

Gary