Re: securing /var/www or web content
Hi
On Sat, February 25, 2006 5:09 am, Arnel Pastrana said:
>>
>> The files in your /var/www should strictly speaking only be
>> accessible to
>> your webserver ; for apache usually www-data or apache or httpd
>> accounts
>> should have rwx permissions.
>> Grep for these in /etc/passwd if unsure which one to use.
>>
> Yes it uses www-data
That's the account apache uses by default on debian, if installed from the
package ;)
>> You could then set the permissions to xy0 for /var/www with chmod.
>> Test, if your site doesn't funtion adequately anymore, set the
>> permissions
>> for "other" to "r"(4) only.
>>
> Hi thanks for the help when I did this
>> So for instance: chmod -R 770 www-data:www-data (www-data is the
>> account
>> under which the apache daemon runs on Debian).
> It shows in my site forbidden.
>
> May I know what's the problem?
>
> Thanks again.
>
Probably the webserver needs the file(s) to be world-readable. Try a chmod
774 on your website for instance.
Does that work Arnel?
Cheers
Roger
--
Life is 10 percent what you make it and 90 percent how you take it. -
Irving Berlin
Reply to: