Who should own html files?
Paul Howarth
paul at city-fan.org
Tue Jun 20 10:11:39 UTC 2006
Arthur Pemberton wrote:
> On 6/20/06, Knute Johnson <knute at frazmtn.com> wrote:
>> I'm setting up my HTTP server and I'm not sure who should own my html
>> files. These are not user files but the files I keep in my document
>> root, /var/www/html. Currently they are owned by root:root.
>>
>> What about cgi script files in /var/www/cgi-bin? I wouldn't think
>> you would want them owned by root?
>
> You don't want any of those files owned by root. Ideally, they should
> be owned by the user who will be editing them. Otherwise, you can let
> them be owned by apache (or whatever your httpd is running as)
You don't want them owned by apache unless you have a web app running
that needs to be able to write to them. It's a security issue otherwise,
since a compromised/broken web server could overwrite your HTML files.
They should be owned by whoever will be editing them, as Arthur said. If
nobody's going to be editing them, having them owned by root is fine.
Paul.
More information about the fedora-list
mailing list