Permissions for an apache webserver
I'm running my own Debian 6.0 server. I have used the following guide for setting the system up (did not install ispconfig):
A short summary:
Apache 2.2.16, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Fail2ban, MySQL.
For the handling of homepages I use the apache directive in virtual.conf.
However I'm not quite sure, what to do with permissions. My ftp-users (virtual and chrooted) are all running as user 'ftpuser' as a member of 'ftpgroup'.
My current setup is as follows:
/var/www/ drwxrwxr-x root root
/var/www/domain.dk/ drwxr-xr-x ftpuser ftpgroup
/var/www/domain.dk/index.php -rw-r--r-- ftpuser ftpgroup
Currently it isn't possible for PHP to create new files in directory "domain.dk", only for the ftp users. I would like both to be able to do so.
With security in mind, is it okay, to make apache a part of the 'ftpgroup', which would give apache access to all domains?
Do you have any other suggestions for improving security?
There is a very good thread about this issue. Especially the post of NominalAnimal.
|All times are GMT -5. The time now is 12:25 AM.|