I might note that PhpMyAdmin installed in the document root (
/var/www/htdocs) is owned by
root, its group is
apache and the directory mode is 750:
Code:
drwxr-x--- 8 root apache 4096 Nov 29 16:58 phpmyadmin/
That is,
root owns it,
apache has access,
public is unable to access. Within the
phpmyadmin directory, all directories and files are owned by
root, group
apache; file mask is
640, directory mask is
750 (this is done by the
config.php set up program you execute from the browser). All the files are PHP code or CSS code, some documentation, some JavaScript and so on -- it's a PHP application and does not contain any compilable source code whatsoever.
In order to use it, you will (probably) need to at least modify
/etc/httpd/httpd.conf (or whatever the name and location of your
httpd.conf file happens to be), adding "index.php" in this section:
Code:
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
then restart the
httpd daemon.
Follow the installation instructions in the PhpMyAdmin documentation for any other changes to
httpd.conf (I don't remember any others right now but there may some).
You can safely install PhpMyAdmin in your document root (the owner, group and mask given above make doing so feasible). You can install it above the document root and add a symlink in the document root so Apache can "see" it (that's a little harder, you have to all symlinks in
httpd.conf); "above" here means in
/var/www or, for example,
/usr/local or any other spot you choose -- bear in mind that you then have to deal with symlinks in
httpd.conf and, probably, a lot of screwing around to get it working.
Is it safe? Yes -- as long as your root password is not compromised, it is. There should not be a password on
apache (either the account or the group), there is no need for one. If your root password is compromised, well, the entire system is hosed and all bets are off (guard it well).
Hope this helps some.