On Mon, Jun 05, 2000 at 08:04:07AM +0900, Olaf Meeuwissen wrote: > > Thanks. I thought the same thing, but then noticed dwww in there so I > started to wonder. Should I file that as a bug? It's only a symlink > to /var/lib/dwww/html though ... i don't know what dwww is, if its one of those documentation type of things that really is only meant to be used by local users, it really should not be in the document root. instead apache should be configured with a localhost only entry for /var/lib/dwww like you would do for /usr/share/doc or such. > > just make sure its not owned by www-data.www-data! > > I did, after reading your comments on the list. Now just about every- > thing is owned by root.www-data with 2755/0644 permissions. that works well, this way you can still have things like .htaccess and .htpasswd files mode 640 (along with password protected sites) protecting them against local users bypassing the htpasswd access controls with a simple file:/var/www/secret/. you just have to make sure your not using a 00* umask in there... -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp47SYH6yYhX.pgp
Description: PGP signature