LAMPP: what to do with the 'htdocs' folder ? It belongs to "nobody"
5:50 pm on Mar 16, 2010 (gmt 0)
after installing XAMPP on linux i have seen the folder "htdocs" belongs to "nobody".
Has this any intention? Do you think owning that folder is a good practice?
1:10 am on Mar 17, 2010 (gmt 0)
"nobody" is a username which is often used on Linux systems to run processes with little or now access rights. Sometimes the Apache webserver is running is user nobody and this may be the reason why the htdocs directory is assigned to this user.
In general I would say that the owner of the directory which will contain your website scripts should not be the same user which runs the webserver. The reason is, that if the owner of the directory and the scripts is the same, it becomes very easy for a hacker to edit or replace your script via a hole in your scripts. If the ownership is different and the apache server can only read from the directories, a hole can not be exploited that way.
The only exception to this rule is when you use a content management system (CMS) which you can use to edit and create new script files on the fly, or when you use webdav to edit script files on your webserver with a remote connection from your local computer. In that case the apache webserver must have write permissions to the script files and directories.