-   Linux - Security (
-   -   Permissions for an apache webserver (

Morten 05-20-2011 09:37 PM

Permissions for an apache webserver

I'm running my own Debian 6.0 server. I have used the following guide for setting the system up (did not install ispconfig):

A short summary:
Apache 2.2.16, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Fail2ban, MySQL.

For the handling of homepages I use the apache directive in virtual.conf.

However I'm not quite sure, what to do with permissions. My ftp-users (virtual and chrooted) are all running as user 'ftpuser' as a member of 'ftpgroup'.

My current setup is as follows:

/var/www/ drwxrwxr-x root root
/var/www/ drwxr-xr-x ftpuser ftpgroup
/var/www/ -rw-r--r-- ftpuser ftpgroup

Currently it isn't possible for PHP to create new files in directory "", only for the ftp users. I would like both to be able to do so.
With security in mind, is it okay, to make apache a part of the 'ftpgroup', which would give apache access to all domains?

Do you have any other suggestions for improving security?

Best regards

hua 05-21-2011 04:32 AM

There is a very good thread about this issue. Especially the post of NominalAnimal.

All times are GMT -5. The time now is 11:45 PM.