Dave Gutteridge
2005-Sep-19 16:06 UTC
[CentOS] Is it bad for my web document folder to be user accessible?
PHP and MySQL seem to be working on my CentOS installation.
I'd like to install phpMyAdmin as well, so I downloaded the necessary files from phpMyAdmin's homepage and copied them to /var/www/html...

... except that's where the process stopped. My regular user account doesn't have permission to write into the /var/www/html folder.

Should I just chmod the folder to 777? Is there a reason it's not already user accessible?

This is a local machine where I'll be testing web pages of my own design, and not accessible from the web.

Or at least I hope not. If I'm running an Apache server just for local files, it's not being seen on the web, is it?

Dave
Matt Hyclak
2005-Sep-19 16:22 UTC
[CentOS] Is it bad for my web document folder to be user accessible?
On Tue, Sep 20, 2005 at 01:06:16AM +0900, Dave Gutteridge enlightened us:
> PHP and MySQL seem to be working on my CentOS installation.
> I'd like to install phpMyAdmin as well, so I downloaded the necessary
> files from phpMyAdmin's homepage and copied them to /var/www/html...
>
> ... except that's where the process stopped. My regular user account
> doesn't have permission to write into the /var/www/html folder.
>
> Should I just chmod the folder to 777? Is there a reason it's not
> already user accessible?
>
> This is a local machine where I'll be testing web pages of my own
> design, and not accessible from the web.
>
> Or at least I hope not. If I'm running an Apache server just for local
> files, it's not being seen on the web, is it?
>

You probably don't want world write permissions on your publicly accessible directory. Ever. If anyone finds a bug in apache/php/etc, it makes their life a whole lot easier.

Generally with phpMyAdmin, I do the following (as root):

1. Extract the tarball in /var/www, resulting in /var/www/phpMyAdmin-2.X.X
2. Create a phpmyadmin.conf file in /etc/httpd/conf.d directory that contains the line:

   Alias /phpMyAdmin "/var/www/phpMyAdmin-2.X.X"

This lets me try out new versions without losing old versions, etc, just by changing the Alias in the conf file. Don't forget to reload apache after adding the file (/sbin/service httpd graceful)

As a general rule, anything that is happening "globally" on the system will have to be performed with superuser permissions (either by becoming root via "su -", or by using the sudo command). In this specific case, if you wanted to do it only using your user privileges, you would have to install phpMyAdmin into your home directory ($HOME/public_html).

Matt

--
Matt Hyclak
Department of Mathematics
Department of Social Work
Ohio University
(740) 593-1263
Preston Crawford
2005-Sep-19 16:23 UTC
[CentOS] Is it bad for my web document folder to be user accessible?
On Tue, 2005-09-20 at 01:06 +0900, Dave Gutteridge wrote:
> ... except that's where the process stopped. My regular user account
> doesn't have permission to write into the /var/www/html folder.
>
> Should I just chmod the folder to 777? Is there a reason it's not
> already user accessible?

I'm not going to tell you what to do, because I'm not entirely certain what best practices on this would be. I'll just tell you what I do.

What I do is this. First off, in the case of applications like phpMyAdmin (which may be easier to install via yum, if it's in there, can't recall), I let the application go where it's supposed to go. Same with CVSWeb, etc. So I wouldn't have to touch it, because it would be readable by "other", so like 755, which is what /var/www/html is to start with. So for applications like that I don't need to change permissions.

For my personal applications I usually create a group for web development. Then I put myself in that group and I create a directory under /var/www/sites/ (a folder I create with root) for my application which I think I make 775 with ownership of root:<webdevgroup>. This way I can freely copy files into that directory, without modifying the permissions of /var/www/html.

Then, as I mentioned earlier, I set up a virtual host for this directory. I explained that in an earlier thread. That way when I go to http://mytestingserver I get that directory served up to me as if it were a root URL. I can copy files in, etc. and I'm not messing around with any of the pre-installed directories.

That's what I do, but I'm not sure what best practices are. I go to that extent, mostly because I know I'll end up working on 5 or 6 other sites, so they all need to have their own directory. Plus it just feels cleaner to put them in separate directories, then use virtual hosts. Whether it is or not, maybe someone else can answer.

Preston
Jim Perrin
2005-Sep-19 16:28 UTC
[CentOS] Is it bad for my web document folder to be user accessible?
On 9/19/05, Dave Gutteridge <dave at tokyocomedy.com> wrote:
>
> PHP and MySQL seem to be working on my CentOS installation.
> I'd like to install phpMyAdmin as well, so I downloaded the necessary
> files from phpMyAdmin's homepage and copied them to /var/www/html...
>
> ... except that's where the process stopped. My regular user account
> doesn't have permission to write into the /var/www/html folder.
>

Some things to consider here. You may want to make a web group, add your user to it, and make /var/www/html writeable by members of that group. Then you won't need to be root, or worry about any other users who should not have access connecting.

> Should I just chmod the folder to 777? Is there a reason it's not
> already user accessible?

No. This is a bad idea. It's not user accessible to protect it from users. You don't want people being able to rewrite files without making sure they should be able to. If you change the permissions as you say, there's nothing to stop a malicious user from rewriting it to break, email passwords to them, alter your db, etc...

>
> This is a local machine where I'll be testing web pages of my own
> design, and not accessible from the web.
>

Good. php-myadmin should NOT be wide open to the world.

> Or at least I hope not. If I'm running an Apache server just for local
> files, it's not being seen on the web, is it?
>

Depends on how you have your config set. You could add a section to httpd.conf and restrict myadmin to local network ips, or ideally, just localhost. I'd also recommend only making it accessible over https, using cookie or http based auth instead of config based auth etc.

If you want more detail on anything I've mentioned, let me know. I'm being brief because I'm not sure which way you want to go yet.

--
Jim Perrin
System Administrator - UIT
Ft Gordon & US Army Signal Center
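
The group-writable layout that Preston Crawford and Jim Perrin describe above, set against the `chmod 777` shortcut, as an added example that is not part of the thread. The function names and the optional group argument are assumptions, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable entries and replace
# them with group-based write access. Names here are illustrative.

# List every file or directory under $1 that "other" can write to.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Give the group write access, remove write access for "other", and set
# the setgid bit on directories so new files inherit the directory's group.
# $2 (optional) is the web development group; chgrp normally needs root.
harden_webroot() {
    root=$1
    group=$2
    if [ -n "$group" ]; then
        chgrp -R "$group" "$root" || return 1
    fi
    find "$root" -type d -exec chmod g+rwxs,o-w {} +
    find "$root" -type f -exec chmod g+rw,o-w {} +
}

# Print the symbolic mode of a path, e.g. drwxrwsr-x.
perms_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed sample tree reproducing the "chmod 777" state.
demo=$(mktemp -d)
mkdir "$demo/site"
touch "$demo/site/index.php"
chmod 777 "$demo/site"
chmod 666 "$demo/site/index.php"

echo "world-writable before:"
find_world_writable "$demo/site"
harden_webroot "$demo/site"
echo "after: $(perms_of "$demo/site") $(perms_of "$demo/site/index.php")"
rm -rf "$demo"
```

On a real system the call would be run as root with the group name, for example `harden_webroot /var/www/sites/mysite webdev`, where both the path and the group are placeholders.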
Les Mikesell
2005-Sep-19 16:39 UTC
[CentOS] Is it bad for my web document folder to be user accessible?
On Mon, 2005-09-19 at 11:06, Dave Gutteridge wrote:
> PHP and MySQL seem to be working on my CentOS installation.
> I'd like to install phpMyAdmin as well, so I downloaded the necessary
> files from phpMyAdmin's homepage and copied them to /var/www/html...
>
> ... except that's where the process stopped. My regular user account
> doesn't have permission to write into the /var/www/html folder.

When you are installing programs you generally need to run as root.

> Should I just chmod the folder to 777? Is there a reason it's not
> already user accessible?

Most places should not be world-writable. Better to change ownership to whoever needs to write and make it writable by owner or group. If it doesn't matter who sees it, you can make it world readable.

> This is a local machine where I'll be testing web pages of my own
> design, and not accessible from the web.
>
> Or at least I hope not. If I'm running an Apache server just for local
> files, it's not being seen on the web, is it?

That depends on your firewalls and routing. If you have a public address, it probably is.

--
Les Mikesell
lesmikesell at gmail.com
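
A configuration-side check for the "is it being seen on the web?" question, as an added example that is not part of the thread: it classifies the `Listen` directives in an Apache config file as loopback-only or reachable from other hosts. The function names are assumptions, the sample config is constructed, and firewalls and routing (Les Mikesell's point) still have to be checked separately.

```shell
#!/bin/sh
# Added example: report which addresses Apache is told to bind to.
# Reads one config file; files pulled in from conf.d must be checked too.

# Print "loopback <addr>" or "exposed <addr>" for each Listen directive.
classify_listen() {
    # Strip comments, keep Listen lines (directive names are
    # case-insensitive), and take the address[:port] argument.
    sed -e 's/#.*//' "$1" |
    awk 'tolower($1) == "listen" { print $2 }' |
    while read -r addr; do
        case $addr in
            127.*:*|\[::1\]:*) echo "loopback $addr" ;;
            # A bare port or any other address binds beyond loopback.
            *) echo "exposed $addr" ;;
        esac
    done
}

# Succeed only if the file has Listen directives and all are loopback.
is_local_only() {
    out=$(classify_listen "$1")
    [ -n "$out" ] || return 1
    case $out in
        *exposed*) return 1 ;;
    esac
    return 0
}

# Constructed sample, not a real server's configuration.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# Listen 12.34.56.78:80
Listen 80
Listen 127.0.0.1:8080
EOF

classify_listen "$conf"
if is_local_only "$conf"; then
    echo "Apache binds to loopback only"
else
    echo "Apache binds beyond loopback; exposure now depends on firewall and routing"
fi
rm -f "$conf"
```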