LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Permissions for an apache webserver (http://www.linuxquestions.org/questions/linux-security-4/permissions-for-an-apache-webserver-881882/)

Morten 05-20-2011 08:37 PM

Permissions for an apache webserver
 
Hi,

I'm running my own Debian 6.0 server. I have used the following guide for setting the system up (did not install ispconfig):

http://www.howtoforge.com/perfect-se...er-ispconfig-3

A short summary:
Apache 2.2.16, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Fail2ban, MySQL.

For the handling of homepages I use the apache directive in virtual.conf.

However I'm not quite sure, what to do with permissions. My ftp-users (virtual and chrooted) are all running as user 'ftpuser' as a member of 'ftpgroup'.

My current setup is as follows:

/var/www/ drwxrwxr-x root root
/var/www/domain.dk/ drwxr-xr-x ftpuser ftpgroup
/var/www/domain.dk/index.php -rw-r--r-- ftpuser ftpgroup

Currently it isn't possible for PHP to create new files in directory "domain.dk", only for the ftp users. I would like both to be able to do so.
With security in mind, is it okay, to make apache a part of the 'ftpgroup', which would give apache access to all domains?

Do you have any other suggestions for improving security?

Best regards
Morten

hua 05-21-2011 03:32 AM

There is a very good thread about this issue. Especially the post of NominalAnimal.
http://www.linuxquestions.org/questi...287/page2.html


All times are GMT -5. The time now is 02:56 AM.