apache files docs owned by root.
Bug #62068 reported by
Carl Karsten
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Ubuntu) |
Invalid
|
Undecided
|
Ralph Janke |
Bug Description
Binary package hint: apache2
i think these dirs/files should be owned by www-data, not root.
juser@yate2:/var$ ls -ld www www/apache2-
drwxr-xr-x 3 root root 4096 2006-09-23 13:46 www
drwxr-xr-x 2 root root 4096 2006-09-23 13:46 www/apache2-
-rw-r--r-- 1 root root 2160 2004-11-21 08:35 www/apache2-
juser@yate2:/var$ grep www /etc/passwd
www-data:
To post a comment you must log in.
Thanks for your bug report.
Because of security reasons, these files should not be owned by www-data. They are readable by www-data (and therefore the apache server process) because they are readable by 'others'. However, they are not writable by anyone but root in order to prevent somebody through the apache server maliciously create a backdoor to brake into your system.
Therefore, I would like to close this bug report. Is this acceptable to you ?
Thanks