2007-04-22 20:35:05 |
Ralph Janke |
apache2: statusexplanation |
|
Thanks for your bug report.
Because of security reasons, these files should not be owned by www-data. They are readable by www-data (and therefore the apache server process) because they are readable by 'others'. However, they are not writable by anyone but root in order to prevent somebody through the apache server maliciously create a backdoor to brake into your system.
Therefore, I would like to close this bug report. Is this acceptable to you ?
Thanks |
|
2007-04-22 22:07:50 |
Carl Karsten |
apache2: statusexplanation |
Thanks for your bug report.
Because of security reasons, these files should not be owned by www-data. They are readable by www-data (and therefore the apache server process) because they are readable by 'others'. However, they are not writable by anyone but root in order to prevent somebody through the apache server maliciously create a backdoor to brake into your system.
Therefore, I would like to close this bug report. Is this acceptable to you ?
Thanks |
I checked around, and it seems 'owned by root' is indeed best.
I got the most definitive answer from:
CarlFK: what is done after the install is a separate issue. I was just questioning the 'root' part of the installer. but so far I am still hearing 'root' is good, right?
niq: yep.
***niq busy preparing his apache security presentation for apachecon
|
|