why are files/directories owned by www-data !?
Hi,
I have noticed that /var www and /var/lib/dhelp are owned by
www-data.www-data, why?
also all the httpd logs are owned by www-data and are world readable.
they should be root.adm and 640 at a most IMO. on my old redhat box
they were root.root 600.
[eb@plato eb]$ grep www-data /etc/apache/httpd.conf
User www-data
Group www-data
[eb@plato eb]$
since the web server is running as www-data if anyone breaks into it
thus gaining www-data privileges they will be able to modify the web
site if stored in /var/www, they can write to /var/lib/dhelp and can
alter the logs to hide their attack!
If I recall correctly you are never supposed to have any files owned
by the web server.
and it seems that /var/dhelp gets chowned back to www-data every time
its upgraded...
what is the deal here? am i missing something?
--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Reply to: