View Single Post
  #4   (View Single Post)  
Old 23rd July 2008
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336

Originally Posted by ijk View Post
Thank you for your reply
I was thinking of something like
for the documentroot .
just makes it easier to fill in absolute paths in scripts.
Well, scripts have variables, and you can make those pretty short
dir = /usr/local/apache/htdocs leaves you with $dir ..

Does having the docroot so close to root cause any security problem. I cannot think of any. But just want to double check.
No, I don't think the difference between 'cd /' and 'cd ../../../' will deter anyone. And I don't think the document root will really influence where a hacker who manages to trick Apache into giving him a shell ends up on your filesystem.

Also how do you manage sftp transfers of files using a client like cuteftp as it is not safe to allow direct root login. So if you login into cuteftp as a member of the wheel group but try to replace files owned by root I think it is not going to allow you to do that right.
Never allow straight root logins anywhere. Just chown the directory to the user maintaining the site using (s)ftp, or if there are several users maintaining the same site, put them in their own group and chmod the web files to 664. Apache does not care who owns the files, as long as they're world-readable. (--4).
Reply With Quote