I'm setting up a new CentOS 4.4 server to work with Fruity (a frontend program that operates Nagios). For security purposes, what chmod and chown settings do you put on the /var/www/html folders? Also, can anyone recommend any good LAMP hardening guides? While I'm not planning on putting this into production, I'd like to cover all my bases before that's an issue. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070923/e43b6300/attachment-0001.html>
gjgowey at tmo.blackberry.net
2007-Sep-23 17:35 UTC
[CentOS] chmod / chown settings on /var/www/html
I can't answer all your questions, but I can answer a little. Ideally your should have everything from the html dir on down owned by root (or the account of whoever is going to be maintaining the html pages), but with a group of www. The permissions for everything should have the group and others lacking write permission to anything (even if you're using a db). There's no reason apache or anything else needs write permission to those directories unless you're planning to use webdav for publishing your pages. Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: "Rogelio Bastardo" <scubacuda at gmail.com> Date: Sun, 23 Sep 2007 10:13:46 To:"CentOS mailing list" <centos at centos.org> Subject: [CentOS] chmod / chown settings on /var/www/html I'm setting up a new CentOS 4.4 server to work with Fruity (a frontend program that operates Nagios). For security purposes, what chmod and chown settings do you put on the /var/www/html folders? ? Also, can anyone recommend any good LAMP hardening guides? While I'm not planning on putting this into production, I'd like to cover all my bases before that's an issue. _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos