没有任何理由在Apache的WWW根文件必须由root用户在沙盒中资? [英] Is there any reason files in apache's www-root must be owned by root user in a sandbox?
问题描述
我排除权限问题,如果在Apache的根文件夹中的所有文件被用户的不可以根拥有这可以解决。由于这是一个的SANbox和我在它唯一的一个播放时,也没有任何人的冲突。我会悄悄地打破的东西,如果我有这样的变化?
I'm troubleshooting a permissions problem which could be solved if all files in Apache's root folder were owned by a user not "root". Since this is a sanbox and I'm the only one playing in it, there isn't any human conflict. Will I silently break something if I make this change?
我从来没有质疑到/ home之外的文件是由比系统的超级用户帐号的其他用户所拥有。大多数时候更改权限的确实打破东西,但一想到。 OHHH。如何调皮。哈哈哈。
I've never questioned that files outside of the /home are owned by any other user than the system's root user account. Most of the time changing permissions does indeed break things, but the thought. OHHH. How naughty. hahahah.
推荐答案
一个有点晚了,我很害怕,但我刚刚发现这一点。有一个在这里的评论有很多困惑/误传。你可以做你想做的,这些基本原则之内。我假设httpd的用户和组(见httpd.conf中的用户和组指令)是阿帕奇和阿帕奇;代替你自己的特定的安装。
A bit late, I'm afraid, but I just found this. There's a lot of confusion/misinformation in the comments here. You can do whatever you want, within these basic principles. I'm assuming that the httpd user and group (see the User and Group directives in httpd.conf) are 'apache' and 'apache'; substitute for your own particular installation.
1 - 将文件送达必须是用户阿帕奇
1 - the files to be served must be readable by user 'apache'
2 - 目录必须是用户搜索的'阿帕奇'
2 - the directories must be searchable by user 'apache'
3 - CGI程序必须由用户阿帕奇
3 - CGI programs must be runnable by user 'apache'
4 - 用户'阿帕奇'不应该拥有任何文件
4 - user 'apache' should not own any files
5 - 用户'阿帕奇'不应该被允许写任何文件
5 - user 'apache' should not be permitted to write any files
6 - 组'阿帕奇'不应该被允许拥有或写入任何文件
6 - group 'apache' should not be permitted to own or write to any files
您的设置 - 其中root拥有的文件 - 是可以接受的,但它使大多数设置的更多意义上,谁有权修改文件(通过FTP /等)应该是(a)拥有它们,或(b)在有一组写权限的文件。
Your setup - where root owns the files - is acceptable, but it makes more sense in most setups that whoever has to modify the files (via ftp/etc) should either (a) own them, or (b) be in a group that has write permissions for the files.
拿出符合所有这些标准的方案,你应该确定。显然不允许'别人'有是没有必要的任何权限。这是正常的,但是,对于用户'阿帕奇'是在'人',这样的文件通常需要为别人的读取权限。发表您的具体的解决方案在这里,如果你想让它检查。
Come up with a scheme that meets all these criteria, and you should be Ok. Obviously don't allow 'others' to have any permissions that aren't necessary. It's normal, however, for user 'apache' to be in 'others', so files will normally need read permissions for others. Post your specific solution here if you want it checked.
这篇关于没有任何理由在Apache的WWW根文件必须由root用户在沙盒中资?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
