[plug] Simple Web questions - Debian Linux
Trevor Phillips
phillips at central.murdoch.edu.au
Mon Jun 14 05:49:39 WST 1999
Jeremy Malcolm wrote:
>
> No I meant the file permissions. I should have explained myself
> better. I lost all my file permissions a while ago in a freak boating
> accident (OK who am I fooling, it was a sysadmin blunder) so I'm not
> sure what the default was before I restored everything to "root"
> ownership.
A webserver only needs read access to dish up files, so IMHO it's best if your
files are owned by someone other than what the webserver runs as, with
permissions (via group or other) of read-only for the Webserver.
> But for the root Web site (/var/www under Debian) the default owner of
> the files is, I suppose, root. If I later implement something like
> suexec, having the files owned by root will require my CGI scripts to
> run as root too - which is not only bad, but (as I understand it)
> impossible.
Nothing's impossible. ^_^
Your CGI's don't need to run as root. Hmmm. Trying to remember how suexec
handled the main dir structure; I think it mainly kicks in for user dirs.
I think you can specify WHO your CGI's run as, so even if owned by root,
they'll run as non-root. It may have some funny ownership/run as thingo tho;
Can't remember for sure. ^_^;;
> <shame>It is the Frontpage patch.</shame>
*ROFL*
I almost installed that, till I got barraged by warnings from people about how
insecure it makes the system. ^_^
(Not that I really wanted it on the system myself ...)
--
. Trevor Phillips - http://jurai.murdoch.edu.au/ .
: CWIS Technical Officer - T.Phillips at murdoch.edu.au :
| IT Services - Murdoch University |
>------------------- Member of the #SAS# & #CFC# --------------------<
| On nights such as this, evil deeds are done. And good deeds, of /
| course. But mostly evil, on the whole. /
\ -- (Terry Pratchett, Wyrd Sisters) /
More information about the plug
mailing list