[lug] Fun with Apache

Matt Thompson thompsma at colorado.edu
Wed Nov 17 13:38:36 MST 2004


On Wed, 2004-11-17 at 20:40 +0100, rm at fabula.de wrote:
> On Wed, Nov 17, 2004 at 08:55:10AM -0700, Matt Thompson wrote:
> > 
> > #!/bin/bash
> > yum check-update
> > yum --rss-filename=/var/www/html/yum-rss.xml generate-rss updates
> > chown apache.apache /var/www/html/yum-rss.xml
> > 
> > Of course, this is just a rough simple script from an F95 man that will
> > probably kill PID 1 given a chance.  What do the BLUG gurus say on the
> > matter of security (or script design)?
> 
> IANAG but I tend _not_ to give my data to the user the webserver is
> running as. The server only ever needs read permissions to serve
> the data (unless we're talking about mod_dav, but that's a different
> story). If you chown instead of chmod then, in case of an apache
> break-in, your data can be compromised.

OK.  Like I said, in the squirrelmail and subversion setups, they always
said to make all the files owned by www or apache.  So, I followed that.
But, it's simple enough to remove that.

Thanks,
Matt
-- 
Learning just means you were wrong and they were right. - Aram
   Matt Thompson -- http://ucsub.colorado.edu/~thompsma/
   440 UCB, Boulder, CO  80309-0440
   JILA A510, 303-492-4662
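
The point made in the quoted reply (the server only needs read access), shown as an added example that is not part of the original thread: one helper publishes a generated file read-only without handing ownership to the web server user, and one audits a document root for entries that user could modify. The helper names `publish_readonly` and `audit_docroot` and the staging path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. publish_readonly and
# audit_docroot are hypothetical helper names.
#
# Usage sketch with the thread's script (staging path is an assumption):
#   yum --rss-filename=/var/tmp/yum-rss.xml generate-rss updates
#   publish_readonly /var/tmp/yum-rss.xml /var/www/html/yum-rss.xml
#   audit_docroot /var/www/html apache

# Install SRC at DEST so the web server can read it but not change it.
# Ownership stays with whoever runs the job (root under cron); the server
# user gets access only through the "other" read bit, so no chown is needed.
publish_readonly() {
    src=$1
    dest=$2
    tmp=$(mktemp "$(dirname "$dest")/.publish.XXXXXX") || return 1
    # Stage inside the target directory so the final rename is atomic and
    # readers never see a half-written file.
    if cp "$src" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# List every entry under DOCROOT that WEBUSER (name or numeric uid) could
# rewrite or replace after a compromise of the server process: entries it
# owns (files and directories) plus anything world-writable. Symlinks are
# skipped because their own mode bits are not meaningful.
audit_docroot() {
    docroot=$1
    webuser=$2
    find "$docroot" ! -type l \( -user "$webuser" -o -perm -0002 \) -print
}
```

An empty result from `audit_docroot` means the server user has no write path into the tree through ownership or world-writable bits; group-write access is not checked here.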