Bug#270593: apache2: /var/wwww should be owned by www-data, not root
Package: apache2
Version: 2.0.50-12
Severity: grave
Justification: user security hole
I'm not sure which process is responsible of creating /var/www, but
I'm resuming that apache2, whcih is the only web server installed
in this system.
The permissions look like this now:
host:~# ls -la /var/www
drwxr-xr-x 3 root root 4096 Sep 6 23:53 .
But wouldn't it bemore secure to to use:
chown -R www-data.www-data /var/www
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-1-386
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to en_US)
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.0.50-12 Traditional model for Apache2
-- no debconf information
Reply to: