itemprop="text">
I always did
this:
- chown
apache2:apache2 /var/www/ -vR - chmod 555 /var/www/ -vR
- chmod 755
/var/www/a/special/dir/which/needs/write/permissions/ -vR
- OR instead of 2, 3 just set permissions to
755
Recently I came to
know that setting apache as user is not secure, how come? And what are the
alternatives?
What are other good
practices for increasing a webserver (apache) security?
Answer
You may want to investigate chroot-ing your
web-servers as well. Better yet, run each application in its own virtual machine with
its own apache and what nots. That way, even if compromised, the only vulnerable machine
is the VM one.
However, when you talk about
apache security, you should be a little more specific about what kind of attacks are you
interested in protecting against.
Comments
Post a Comment