homepage Welcome to WebmasterWorld Guest from 54.198.66.250
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
LAMPP: what to do with the 'htdocs' folder ? It belongs to "nobody"
tirengarfio




msg:4098940
 5:50 pm on Mar 16, 2010 (gmt 0)

Hi,

after installing XAMPP on linux i have seen the folder "htdocs" belongs to "nobody".

Has this any intention? Do you think owning that folder is a good practice?

Regards

Javi

 

lammert




msg:4099176
 1:10 am on Mar 17, 2010 (gmt 0)

Hi tirengarfio,

"nobody" is a username which is often used on Linux systems to run processes with little or now access rights. Sometimes the Apache webserver is running is user nobody and this may be the reason why the htdocs directory is assigned to this user.

In general I would say that the owner of the directory which will contain your website scripts should not be the same user which runs the webserver. The reason is, that if the owner of the directory and the scripts is the same, it becomes very easy for a hacker to edit or replace your script via a hole in your scripts. If the ownership is different and the apache server can only read from the directories, a hole can not be exploited that way.

The only exception to this rule is when you use a content management system (CMS) which you can use to edit and create new script files on the fly, or when you use webdav to edit script files on your webserver with a remote connection from your local computer. In that case the apache webserver must have write permissions to the script files and directories.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved