[nylug-talk] apache2 file permissions

[Ajai Khattri]

Mark wrote:
> Hi,
>
> I'm running several virtual hosts under apache2. I've put all the virtual host document roots under one system user (/home/$user/virt1, /home/$user/virt2, etc), and therefore all the files are owned by that system user. The reason I haven't put my virtual domains under /var/www is because I didn't want the html files to be owned by root. I've done this out of ignorance since I'm not sure if root owning html files poses some kind of security risk. 
>
> Anyway there hasn't been any problems running things this way so far, until I tried setting up sugarcrm, and was told the file ownerships have to be the same as the system user apache runs under. So I have 2 questions:
>
> What should be the ownership and permission settings for html files, php and cgi scripts?
>
> Should I move all my virtual host document roots from /home/$user/virtx to /var/www/virtx?

There's no problem putting vhosts under /home but what I do is give each 
site its own account and make sure all the files are owned by that 
account (this implies that each site has an account that it lives 
under). Having all vhosts owned by ONE account is probably not a good 
idea (nor is having all sites owned by a system account).

BTW, SugarCRM probably wants certain files/folders owned by the Apache 
user probably because it needs write access (for example, when running a 
CGI script that uploads a file, the script needs to put that file 
somewhere and so needs write access but the script will be running under 
the Apache UID and so the folder needs to be owned by Apache...).



-- 
A