Posted to users@httpd.apache.org by Mandy Singh <ma...@gmail.com> on 2008/04/11 16:05:40 UTC
[users@httpd] Re: Running webserver as apache?
Anyone?
On Thu, Apr 10, 2008 at 10:51 PM, Mandy Singh <ma...@gmail.com> wrote:
> Hi,
>
> I need to know if it's a good idea to run webserver as user 'apache', have
> all files in webroot owned by user apache and perms 644?
>
> Would this still mean that if server runs as apache and it has read/write
> access, someone could take advantage of loopholes on the site and overwrite
> some files on our site?
>
> Can someone comment?
>
> Thanks,
> Mandy.
>
Re: [users@httpd] Re: Running webserver as apache?
Posted by j k <jo...@gmail.com>.
On Fri, Apr 11, 2008 at 7:27 AM, <ch...@post.ch> wrote:
> Hi Mandy,
>
> > I need to know if it's a good idea to run webserver as
> > user 'apache', have all files in webroot owned by user
> > apache and perms 644?
>
> It's not exactly a good idea, but if you are in a situation
> where the advantage outweighs the problems, then go ahead.
>
> > Would this still mean that if server runs as apache
> > and it has read/write access, someone could take
> > advantage of loopholes on the site and overwrite
> > some files on our site?
>
> Simply speaking, yes.
>
> You may also want to look into the mod_suexec.
>
> regs,
>
> Christian Folini
>
Hi Christian,
Could you point us to any discussion on this topic? I'm interested to know
the pros and cons.
Thanks
Jonny
AW: [users@httpd] Re: Running webserver as apache?
Posted by ch...@post.ch.
Hi Mandy,
> I need to know if it's a good idea to run webserver as
> user 'apache', have all files in webroot owned by user
> apache and perms 644?
It's not exactly a good idea, but if you are in a situation
where the advantage outweighs the problems, then go ahead.
> Would this still mean that if server runs as apache
> and it has read/write access, someone could take
> advantage of loopholes on the site and overwrite
> some files on our site?
Simply speaking, yes.
You may also want to look into the mod_suexec.
regs,
Christian Folini
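
Added example, not part of the thread: a shell function that lists which entries under a web root the server account could modify, which is the exposure the question asks about. The function name `audit_docroot` and the path `/var/www/html` are assumptions for illustration; it checks ownership and mode bits only, not ACLs or supplementary groups.

```shell
#!/bin/sh
# audit_docroot DOCROOT SERVER_USER SERVER_GROUP   (hypothetical helper name)
#   SERVER_USER and SERVER_GROUP may be names or numeric ids.
# Prints one line per finding: "<reason> <path>".
#   owner: the server account owns the entry. Mode 644 gives it write access,
#          and even with 444 the owner can chmod the file and then write it.
#   group: owned by someone else, but the server's group has write permission.
#   world: neither owner nor group matches, but the entry is world-writable.
# Directories are reported too: write access to a directory allows creating,
# renaming and deleting the files inside it.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_docroot() {
    root=$1
    user=$2
    group=$3

    find "$root" ! -type l -user "$user" -print \
        | sed 's/^/owner /'

    find "$root" ! -type l ! -user "$user" -group "$group" -perm -0020 -print \
        | sed 's/^/group /'

    find "$root" ! -type l ! -user "$user" ! -group "$group" -perm -0002 -print \
        | sed 's/^/world /'
}

# Example call (path is an assumption; 'apache' is the account named in the thread):
#   audit_docroot /var/www/html apache apache
```

An empty result means the server account can only read the content; every `owner` line is a file that code running as the server could overwrite.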