Ask Your Question

Revision history [back]

Giving apache ownership or write access to full document root tree is a terrible idea.

Lot of vulnerability exploits take benefit of this lack of security.

Apache ONLY need read access to scripts (e.g. PHP)

It may need write access to a few set of directories (temp, upload, cache...) Only these directories should be writable, and usually put outside the web tree.

Giving apache ownership or write access to full document root tree is a terrible idea.

Lot of vulnerability exploits take benefit of this lack of security.

Apache ONLY need read access to scripts (e.g. PHP)

It may need write access to a few set of directories (temp, upload, cache...) Only these directories should be writable, and usually put outside the web tree.

P.S. I'm aware than some web applications need write access to the full tree fir their "auto-update" feature, this is a terrible feature, lowering whole security of the server (e.g. owncloud, nextcloud, wordpress...)

Giving apache ownership or write access to full document root tree is a terrible idea.

Lot of vulnerability exploits take benefit of this lack of security.

Apache ONLY need read access to scripts (e.g. PHP)

It may need write access to a few set of directories (temp, upload, cache...) Only these directories should be writable, and usually put outside the web tree.

P.S. I'm aware than some web applications need write access to the full tree fir for their "auto-update" feature, this is a terrible feature, lowering whole security of the server (e.g. owncloud, nextcloud, wordpress...)