Help - Search - Members - Calendar
Full Version: Apache 'conf' And 'html' Permissions?
Linuxhelp > Support > Technical Support
rjb25
I am currently running the Apache webserver under Linux RedHat and am relatively new to the whole thing so please bear with me....

I would sincerely appreciate your recommendations as to:

1) Which user/group (e.g. apache) should own the "etc/httpd/conf/" and "var/www/html" folders and sub-contents?
2) What are the appropriate permissions (chmod nnn?) for the named user/group?

If it makes any difference, I am using basic authentication over SSL and all associated certificate/password files are stored in the conf directory.

Thanks in advance.


Rob.
hughesjr
JOEY would be much better at this one...but my install (on a test box) is:

ls -al /etc/httpd | grep conf
drwxr-xr-x 2 root root 4096 Dec 9 18:55 conf

and

ls -al /var/www | grep html
drwxr-xr-x 2 root root 4096 Nov 26 06:32 html

And inside each:

conf:
-rw-r--r-- 1 root root 29914 Nov 26 07:07 httpd.conf
-rw-r--r-- 1 root root 30572 Nov 26 06:41 httpd.conf.bak
-rw-r--r-- 1 root root 12959 Jul 31 10:40 magic

html
-rw-r--r-- 1 root root 117 Nov 26 06:32 index.html
---------------------
The directory /etc/httpd/conf is not accesable via the website ... the /var/www/html is...

I would think the owner doesn't matter....just so long as nobody (or apache ... and their group) has read only access, since one of those users is normally the httpd process owner.
rjb25
Thanks for your response.

Interesting, since my conclusions (see other posting) are a bit different (probably wrong?)

If you have any further thoughts, let me know.


Regards,


Rob.
hughesjr
Well ... your permissions are OK ... (and maybe better ...certianly more secure).

as long as the directories are at least r-x and the files are r-- for the apache:apache user then it isn't an issue ... what you don't want is a rw on ethier the directories or files for apache:apache.

so owned by root:root with 755 on the directories and 644 on the files is OK and owned by apache:apache 500 directories ... 400 files is ok as well.

It makes no real difference unless someone obtains access to the machine ... and they can't change anything unless they get root ... and if they get root (and if they care to change any files) all they have to do is change the permissions and owner...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.