[Q]: .htaccess denied by Apache web-server

[Marc Slemko <ma...@znep.com>]

>From: c.c.eiftj@26.usenet.us.com (Rahul Dhesi)
>Newsgroups: comp.security.unix
>Subject: Re: [Q]: .htaccess denied by Apache web-server
>Date: 20 Feb 1998 05:01:51 GMT
>Organization: a2i network
>Lines: 24
>Message-ID: <6c...@samba.rahul.net>
>References: <Pi...@eduserv2.rug.ac.be> <6c...@samba.rahul.net> <34...@mecanic.rug.ac.be>
>NNTP-Posting-Host: waltz.rahul.net
>NNTP-Posting-User: dhesi
>X-Comment: Encoded From: line allows replies that preserve original subject
>Path: scanner.worldgate.com!news.maxwell.syr.edu!news2.chicago.iagnet.net!streamer1.cleveland.iagnet.net!qual.net!iagnet.net!news-w.ans.net!newsfeeds.ans.net!news.lava.net!coconut-wireless!news.flex.com!samba.rahul.net!rahul.net!a2i!dhesi.a2i!dhesi
>Xref: scanner.worldgate.com comp.security.unix:41577     

In <34...@mecanic.rug.ac.be> Wim Van Paepegem
<wi...@mecanic.rug.ac.be> writes:

>> >It has the permissions :
>> >-rw-rw-rw-   1 wim      wim            87 Feb 13 10:44 .htaccess
>> 
>> Of what use is a .htaccess file that is world-writable?

>>That's not a bug.  It has to be readable by whomever you've configured
>>as "User" in httpd.conf.

>So, that's why I made this file world readable.

You also made it world-writabe, though, which makes it useless,
because anybody can now overwrite it.

Many programs in the UNIX world will check critical files to make sure
they are not world-writable, and will skip using the information in such
files.  I haven't checked, but maybe Apache does the same thing?

By the way, there was no need to send me a copy of your posting
formatted to look like private email.
-- 
Rahul Dhesi <dh...@spams.r.us.com>