Posted to users@httpd.apache.org by Raúl Villa <sa...@ie3.com> on 2002/03/12 11:00:48 UTC
rights
I have created our corporate web site with Suse 7.2, Apache, MySQL, PHP and
OSCommerce (great) but I still haven't hung it on the web. I will do it
soon, but I'm very worried about user rights. Could someone tell me which is
the correct way to do it?
I suppose that it is to give rwx r-- r-- to all the files. But I have some
doubts:
- Is this the correct way to protect my site?
- When I access the server from our internal network (Win XP) I have no
rights to change files. Actually I change rights in Linux while I make the
changes, then I protect again.
- Is there any way to access via Samba as root to change my html, php ....
files?
- In my MySQL data directory which access rights should I put?
Thank you
Raúl Villa
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: rights
Posted by Bill -Sx- Jones <sn...@mac.com>.
On 3/12/02 5:00 AM, "Raúl Villa" <sa...@ie3.com> wrote:
> I suppose that it is to give rwx r-- r-- to all the files. But I have some
> doubts:
>
> - Is this the correct way to protect my site?
> - When I access the server from our internal network (Win XP) I have no
> rights to change files. Actually I change rights in Linux while I make the
> changes, then I protect again.
> - Is there any way to access via Samba as root to change my html, php ....
> files?
> - In my MySQL data directory which access rights should I put?
You have many questions which have nothing to do with Apache -
The SMB/filesystem questions depend upon whether anyone can access your
system via Samba - if so, then you may have other security concerns.
The main MySQL issue I am wondering is - do you believe that the UID 0 and
MySQL ID 'root' are the same thing? They are not. The MySQL system uses a
completely different ID schema for access, just be careful not to use any
admin level access codes/passwords over the public Internet and a standard
MySQL install should be good.
As far as file bits and security go - I always use
-r--rw---- nobody:www somefile.html
dr-xrwx--- nobody:www somedirectory
(The x's above on a directory allow it to become 'searchable' - ICYDK :)
That way I can place other people in the WWW group with r/w access without
giving other unneeded access. This helps keep the system security more
finely controllable.
It is better to lock a system tight, then unlock things as you become aware
of how any given lock works - and only then if you understand why the lock
may be required in the first place...
HTH;
-Sx- :]
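
One way to check a tree against the file and directory modes given in the reply above, as an added example that is not part of the original thread. The function name audit_docroot and its output labels are made up for this sketch; the modes 0460 and 0570 are the octal forms of the two listing lines in the reply.

```shell
#!/bin/sh
# Added example: audit a tree against the scheme quoted in the reply above.
# 0460 = -r--rw---- (files), 0570 = dr-xrwx--- (directories).
FILE_MODE=0460
DIR_MODE=0570

# audit_docroot ROOT [OWNER [GROUP]]   (hypothetical helper name)
# Prints one "reason: path" line per deviation.
# Returns 0 when the tree is clean, 1 on deviations, 2 on a usage error.
# OWNER and GROUP are optional; the reply uses nobody and www.
audit_docroot() {
    root=$1
    owner=${2:-}
    group=${3:-}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Exact-match tests: any extra bit (for example world-read) is reported.
        find "$root" -type f ! -perm "$FILE_MODE" -print | sed 's/^/file-mode: /'
        find "$root" -type d ! -perm "$DIR_MODE" -print | sed 's/^/dir-mode: /'
        # Symlinks, devices and sockets are not covered by the two-line scheme.
        find "$root" ! -type f ! -type d -print | sed 's/^/unexpected-type: /'
        if [ -n "$owner" ]; then
            find "$root" ! -user "$owner" -print | sed 's/^/owner: /'
        fi
        if [ -n "$group" ]; then
            find "$root" ! -group "$group" -print | sed 's/^/group: /'
        fi
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Called as `audit_docroot DOCROOT nobody www`, where DOCROOT is a placeholder for the site's document root, it lists every entry that is looser or tighter than the scheme, including files left at rwx r-- r--.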