cannot chang directory to www folder in vsftpd
Paul Howarth
paul at city-fan.org
Fri Aug 26 06:53:39 UTC 2005
On Thu, 2005-08-25 at 16:53 -0500, Jeff Vian wrote:
> The next thing you need is for the user to be able to write to
> the /var/www/html directory.
>
> To accomplish that I make the applicable users members of the apache
> group, set their umask accordingly (the files created/modified need to
> be group writable so I use 002 for the umask.), and last set
> the /var/www/html directory and contents as group writeable "chmod -R
> g+w /var/www/html".
>
> While there are other ways to achieve the same thing this works for me
> and does not change security in any way except to make the /var/www/html
> directory to be group writable by the apache group. Since the server is
> already able to write to that directory tree as the owner (apache) it
> seems to me to not make a big difference.
Since when? /var/www/html is owned by root by default:
# rpm -qlv httpd | grep /var/www/html
drwxr-xr-x 2 root root 0 Jul 26 11:14 /var/www/html
Making it writable by the web server is a bad thing as far as security
goes. Having a group able to write to this directory is a reasonable
suggestion, but that group should be a custom one you create for this
purpose (e.g. "groupadd webdev"), not apache.
> If you are running selinux it likely has other ramifications that are
> not addressed above.
Indeed; SELinux will require that the appropriate context is set for
files that need to be accessed via httpd. See "man httpd_selinux".
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the fedora-list
mailing list