Re: Apache default directories
On Fri, Mar 14, 2014 at 7:44 PM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
> On 3/14/2014 10:20 PM, Peter Michaux wrote:
>>
>> On Fri, Mar 14, 2014 at 7:01 PM, Jerry Stuckle <jstuckle@attglobal.net>
>> wrote:
>>>
>>> On 3/14/2014 9:20 PM, Peter Michaux wrote:
>>>>
>>>>
>>>> Hi,
>>>>
>>>> The default virtual host when Apache is installed on Debian has
>>>> document root /var/www and a cgi-bin directory /usr/lib/cgi-bin. These
>>>> directories do not make intuitive sense to me. If I have static HTML
>>>> pages and some Perl CGI scripts, I would expect they go somewhere
>>>> under /usr/share/. What is the rational behind the chosen default
>>>> directories?
>>>>
>>>> Thanks,
>>>> Peter
>>>>
>>> No way would I want a web user to have access to what's in /usr/share. It
>>> would be a huge security exposure to allow a website user access to other
>>> files in the directory.
>>
>>
>> How would access to one directory allow access to other directories in
>> /usr/share ?
>>
>> If access to a subdirectory of /usr/share is a concern then doesn't
>> access to /usr/lib/cgi-bin cause the same concern for /usr/lib ?
>>
>> Peter
>>
>>
>
> /usr/lib is not a subdirectory of /usr/lib/cgi-bin. A web user can access
> anything in the directory and any subdirectories (based on system
> permissions, of course). But the web user cannot access anything in higher
> directories.
I guess I wasn't clear. By "somewhere under /usr/share", I
specifically meant subdirectories under /usr/share. For example,
"/usr/share/www" and "/usr/share/cgi-bin".
Peter
Reply to: