Re: Apache default directories

To: debian-user@lists.debian.org
Subject: Re: Apache default directories
From: Peter Michaux <petermichaux@gmail.com>
Date: Fri, 14 Mar 2014 19:20:09 -0700
Message-id: <[🔎] CAG0y48C-d9xqTOJ0C6fBV=Q4BUA5w9FzKmJR4SvvRNETM3D-aw@mail.gmail.com>
In-reply-to: <[🔎] 5323B494.3010109@attglobal.net>
References: <[🔎] CAG0y48CYG1fSoGSK+2HGk2t57-kdqC1Pt_g6d=jSqLf5yvha6Q@mail.gmail.com> <[🔎] 5323B494.3010109@attglobal.net>

On Fri, Mar 14, 2014 at 7:01 PM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
> On 3/14/2014 9:20 PM, Peter Michaux wrote:
>>
>> Hi,
>>
>> The default virtual host when Apache is installed on Debian has
>> document root /var/www and a cgi-bin directory /usr/lib/cgi-bin. These
>> directories do not make intuitive sense to me. If I have static HTML
>> pages and some Perl CGI scripts, I would expect they go somewhere
>> under /usr/share/. What is the rational behind the chosen default
>> directories?
>>
>> Thanks,
>> Peter
>>
> No way would I want a web user to have access to what's in /usr/share. It
> would be a huge security exposure to allow a website user access to other
> files in the directory.

How would access to one directory allow access to other directories in
/usr/share ?

If access to a subdirectory of /usr/share is a concern then doesn't
access to /usr/lib/cgi-bin cause the same concern for /usr/lib ?

Peter

Reply to:

Follow-Ups:
- Re: Apache default directories
  - From: Jerry Stuckle <jstuckle@attglobal.net>

References:
- Apache default directories
  - From: Peter Michaux <petermichaux@gmail.com>
- Re: Apache default directories
  - From: Jerry Stuckle <jstuckle@attglobal.net>

Prev by Date: Re: Apache default directories
Next by Date: Re: Debian + Dell + double screen
Previous by thread: Re: Apache default directories
Next by thread: Re: Apache default directories
Index(es):
- Date
- Thread