[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: securing /var/www or web content

Hi
On Sat, February 25, 2006 5:09 am, Arnel Pastrana said:
>>
>> The files in your /var/www should strictly speaking only be
>> accessible to
>> your webserver ; for apache usually www-data or apache or httpd
>> accounts
>> should have rwx permissions.
>> Grep for these in /etc/passwd if unsure which one to use.
>>
> Yes it uses www-data

That's the account apache uses by default on debian, if installed from the
package ;)

>> You could then set the permissions to xy0 for /var/www with chmod.
>> Test, if your site doesn't funtion adequately anymore, set the
>> permissions
>> for "other" to "r"(4) only.
>>
> Hi thanks for the help when I did this
>> So for instance: chmod -R 770 www-data:www-data (www-data is the
>> account
>> under which the apache daemon runs on Debian).
> It shows in my site forbidden.
>
> May I know what's the problem?
>
> Thanks again.
>

Probably the webserver needs the file(s) to be world-readable. Try a chmod
774 on your website for instance.

Does that work Arnel?

Cheers

Roger

-- 
Life is 10 percent what you make it and 90 percent how you take it. -
Irving Berlin
Reply to: