Re: securing /var/www or web content
Sels, Roger wrote:
>The files in your /var/www should strictly speaking only be accessible to
>your webserver ; for apache usually www-data or apache or httpd accounts
>should have rwx permissions.
>
>
You usually dont want to give the apache user write access to the site.
When Apache is compromised, a remote attacker could change your website
without having to escalate privileges first. Also, when Apache runs
scripts as the apache user (e.g. CGI for a local user), that script
would be able to rewrite your web site.
-- Dan
Reply to: