Welcome to WebmasterWorld Guest from 54.224.57.95

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

LAMPP: what to do with the 'htdocs' folder ? It belongs to "nobody"

     
5:50 pm on Mar 16, 2010 (gmt 0)

5+ Year Member



Hi,

after installing XAMPP on linux i have seen the folder "htdocs" belongs to "nobody".

Has this any intention? Do you think owning that folder is a good practice?

Regards

Javi
1:10 am on Mar 17, 2010 (gmt 0)

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Hi tirengarfio,

"nobody" is a username which is often used on Linux systems to run processes with little or now access rights. Sometimes the Apache webserver is running is user nobody and this may be the reason why the htdocs directory is assigned to this user.

In general I would say that the owner of the directory which will contain your website scripts should not be the same user which runs the webserver. The reason is, that if the owner of the directory and the scripts is the same, it becomes very easy for a hacker to edit or replace your script via a hole in your scripts. If the ownership is different and the apache server can only read from the directories, a hole can not be exploited that way.

The only exception to this rule is when you use a content management system (CMS) which you can use to edit and create new script files on the fly, or when you use webdav to edit script files on your webserver with a remote connection from your local computer. In that case the apache webserver must have write permissions to the script files and directories.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month