Re: Web directories attacked with bad .htaccess
On Friday 27 January 2006 11:59, Ramon Acedo wrote:
> Hello,
Hello
> As a measure I changed 777 to www-data owner + 755:
>
> find . -perm 777 -exec chmod 755 {} \; -exec chown www-data {} \;
>
> Where . was DocumentRoot
chown www-data is IMHO bad idea. Apache/CGI/PHP will still have full
(read/write) access to web content. (Unless you use suexec or something
similar.) Web pages should be owned by some normal unprivileged user,
preferably the one who reads "webmaster" e-mail and chmod 644 (or 755 for
directories)
--
Regards
Vladki
Reply to: