Posted to users@httpd.apache.org by Raúl Villa <sa...@ie3.com> on 2002/03/12 11:00:48 UTC

rights

I have created our corporate web site with Suse 7.2, Apache, MySQL, PHP and
OSCommerce (great) but I still haven't hung it on the web. I will do it
soon, but I'm very worried about user rights. Could someone tell me which is
the correct way to do it?

I suppose that is to give rwx r-- r-- to all the files. But I have some
doubts:

- Is this the correct way to protect my site?
- When I access the server from our internal network (Win XP) I have no
rights to change files. Actually I change rights in Linux while I do the
changes, then I protect again.
- Is there any way to access via Samba as root to change my html, php ....
files?
- In my MySQL data directory which access rights should I put?


Thank you
Raúl Villa



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: rights

Posted by Bill -Sx- Jones <sn...@mac.com>.
On 3/12/02 5:00 AM, "Raúl Villa" <sa...@ie3.com> wrote:

> I suppose that is to give rwx r-- r-- to all the files. But I have some
> doubts:
> 
> - Is this the correct way to protect my site?
> - When I access the server from our internal network (Win XP) I have no
> rights to change files. Actually I change rights in Linux while I do the
> changes, then I protect again.
> - Is there any way to access via Samba as root to change my html, php ....
> files?
> - In my MySQL data directory which access rights should I put?


You have many questions which have nothing to do with Apache -

The SMB/filesystem questions depend upon whether anyone can access your
system via Samba - if so, then you may have other security concerns.

The main MySQL issue I am wondering is - do you believe that the UID 0 and
MySQL ID 'root' are the same thing?  They are not.  The MySQL system uses a
completely different ID schema for access, just be careful not to use any
admin level access codes/passwords over the public Internet and a standard
MySQL install should be good.

As far as file bits and security go - I always use

 -r--rw---- nobody:www somefile.html
 dr-xrwx--- nobody:www somedirectory

(The x's above on a directory allow it to become 'searchable' - ICYDK :)


That way I can place other people in the WWW group with r/w access without
giving other unneeded access.  This helps keep the system security more
finely controllable.

It is better to lock a system tight, then unlock things as you become aware
of how any given lock works - and only then if you understand why the lock
may be required in the first place...


HTH;
-Sx-  :]
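
The permission scheme from the reply above, as an added example that is not part of the original post: a POSIX shell sketch that applies the `-r--rw----` / `dr-xrwx---` modes to a tree and lists every entry that deviates from them. The function names `apply_scheme` and `audit_tree` are hypothetical, and ownership (for example `nobody` and `www`, as in the reply) is only checked when passed in, since changing it needs root.

```shell
#!/bin/sh
# Added example: modes taken from the listing in the reply above.
FILE_MODE=0460   # -r--rw----  owner read, group read/write, others nothing
DIR_MODE=0570    # dr-xrwx---  owner list/search, group full, others nothing

# apply_scheme DIR
# Set the modes on every regular file and directory under DIR.
# Ownership is not touched here: "chown -R nobody:www DIR" needs root.
apply_scheme() {
    find "$1" -type f -exec chmod "$FILE_MODE" {} +
    # -depth handles children before their parent directory.
    find "$1" -depth -type d -exec chmod "$DIR_MODE" {} +
}

# audit_tree DIR [OWNER [GROUP]]
# Print every path whose mode is not exactly the scheme's mode (this also
# catches any "other" bit and setuid/setgid/sticky bits). If OWNER or GROUP
# is given, also print paths not owned by that user or group.
audit_tree() {
    dir=$1; owner=${2:-}; group=${3:-}
    set -- \( -type f ! -perm "$FILE_MODE" \) -o \( -type d ! -perm "$DIR_MODE" \)
    if [ -n "$owner" ]; then set -- "$@" -o ! -user "$owner"; fi
    if [ -n "$group" ]; then set -- "$@" -o ! -group "$group"; fi
    find "$dir" \( "$@" \) -print
}

# Stand-alone use: ./audit.sh /path/to/docroot nobody www
if [ "$#" -gt 0 ]; then
    audit_tree "$@"
fi
```

An empty result from `audit_tree` means the whole tree matches the scheme; any printed path is a place where access is wider or different than intended.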

