[SGVLUG] Securing Apache

Jeff Carlson jeff at ultimateevil.org
Wed Jul 26 11:49:10 PDT 2006


Joel Witherspoon wrote:
> My /var/www directories are owned by root:root all at 755
> My /etc/httpd directories are owned by root:root and at 755 except my logs,
> modules and run - they are at 777

Those are symlinks.  Under Linux, symlinks are (almost) always 777.

> Should I change the directory user:groups to apache:apache for the
> /etc/httpd and /var/www, /var/cgi-bin?

No.  Why?  Do you want the apache user to be able to write there?  You 
would if you are using WebDAV, but not otherwise.

> What is the best way to secure apache with this setup?

 From the sound of things so far, just leaving it alone will be best for 
you.


More information about the SGVLUG mailing list