[nycphp-talk] Apache configuration question
Hans Zaunere
zaunere at yahoo.com
Tue Sep 10 09:51:12 EDT 2002
--- Mike Myers <myersm at optonline.net> wrote:
>
> Within our intranet, my department uses a WinNT sharevolume to store
> shared
> documents, mostly PDFs and MS Office files.
....
> I am running Apache on MacOSX, and the server is also running DAVE,
> which
> allows me to mount the WinNT sharevolume.
Whew...
> I confirmed that I can browse the sharevolume if I make the necessary
> owner
> and group change to the http.conf file, as well as include an Alias
> that
> points to the mounted directory. But I wonder if that is a bad
> security
> move.
>
> Is there a safer way to configure this?
If you need to have the files readable, then they need to be, well,
readable.
> I could try changing the owner of the mounted sharevolume to
> "nobody", but I don't know if that has any impact on the WinNT side
> of things.
I haven't a clue how WinNT/OS-X all sees this, but it's generally a bad
idea to set the owner to an untrusted/generic user (especially nobody -
remember, if nobody owns everything, then he's somebody). I generally
own everything as root or a specific regular user (that I set up only
for the task at hand), and then set group and world perms as needed.
Also, don't forget, that the owner of a given asset has special
abilities, up and above what ls -al shows as rwx permissions (which is
why I'm always finekey about setting the owner - there are also some
notes about primary group, etc. but I don't remember all the details).
HTH,
H
__________________________________________________
Yahoo! - We Remember
9-11: A tribute to the more than 3,000 lives lost
http://dir.remember.yahoo.com/tribute
More information about the talk
mailing list