[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache2 permissions?



On Fri, 2025-03-07 at 21:44 -0500, Jeffrey Walton wrote:
It is not clear to me why you want vsnyder:adm, and why you want the
world to have access to anything.

Here's how I set up permissions on Apache. It is part of my hardened system.

    # Root owns everything. Apache only gets read access. Others get no access
    $ sudo chown -R root:www-data /var/www
    $ sudo chmod g=r /var/www
    $ sudo chmod o= /var/www

I want to be able to change the web without logging in as root. I occasionally need to send files to recipients that are big enough suffocate their mail readers. Putting a soft link to it in /opt/www without hooking it to my index is an easy way to do that. After it's fetched, I delete it.

I saw a page somewhere that said the web files should have group ownership by root or adm.

I'll change the ownership to vsnyder:www-data and add vsnyder to www-data in /etc/group*.

I'll turn off world access.

Thanks for the advice.


Reply to: