[lug] Fun with Apache
Matt Thompson
thompsma at colorado.edu
Wed Nov 17 13:38:36 MST 2004
On Wed, 2004-11-17 at 20:40 +0100, rm at fabula.de wrote:
> On Wed, Nov 17, 2004 at 08:55:10AM -0700, Matt Thompson wrote:
> >
> > #!/bin/bash
> > yum check-update
> > yum --rss-filename=/var/www/html/yum-rss.xml generate-rss updates
> > chown apache.apache /var/www/html/yum-rss.xml
> >
> > Of course, this is just a rough simple script from an F95 man that will
> > probably kill PID 1 given a chance. What do the BLUG gurus say on the
> > matter of security (or script design).
>
> IANAG but i tend _not_ to give my data to the user the webserver is
> running as. The server only ever needs read permissions to server
> the data (unless we're talking about mod_dav, but that's a different
> story). If you chown instead of chmod then, in case of an apache break
> in, your data can be compromised.
OK. Like I said, in the squirrelmail and subversion setups, they always
said to make all the files owned by www or apache. So, I followed that.
But, it's simple enough to remove that.
Thanks,
Matt
--
Learning just means you were wrong and they were right. - Aram
Matt Thompson -- http://ucsub.colorado.edu/~thompsma/
440 UCB, Boulder, CO 80309-0440
JILA A510, 303-492-4662
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20041117/ee6648e9/attachment.pgp>
More information about the LUG
mailing list