[olug] secure lamp configuration research

Kevin sharpestmarble at gmail.com
Tue Jul 22 06:35:27 UTC 2008


One option would be to have everything under /var/www/html or wherever
owned by the user who created it (user1, user2, etc.). Turn on the setgid
bit for /var/www/html and set that directory's group to webmasters,
which anyone who is authorized to update the website is a part of.
Set permissions as you described.

This will provide tracking of who created a file, while still letting
anyone authorized to update it.

What this won't solve is if several groups are to be permitted to
update it, while others are not, i.e. management and webmasters, while
a general it-group cannot update it. It also won't tell you who was
the last person to modify it.

If this isn't what you were referring to, then you'll have to clarify
your question; I tried my best to identify and answer the question
asked.

On Mon, Jul 21, 2008 at 4:02 PM, Noel Leistad <noel at metc.net> wrote:
> I'm thinking about expanding the availability of LAMP on some servers.
>
> This gives rise to questions RE: best practices for security, i.e.: how do
> I assign user:group when setup calls for 775/664 directory/file?
>
> Read a piece at ibm.com/developerworks detailing mod_proxy...anybody got
> some additional resources I could consider?
>
> The group writable thing has been the "un-scratchable itch" for a while,
> but I'm struggling w/ understanding in-depth.
>
> Once I've got that under control, then I'm headed for ftp configuration
> that'll support same....
>
> All comments welcome.
>
> TIA!!
>
> - --
> #######################################################
> #  Noel Leistad                                       #
> #  noel at metc.net                                      #
> #######################################################
>
>
> Sauron is alive in Argentina!
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
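
The setgid/shared-group layout from the reply above, as an added example that is not part of the original thread: it applies 2775/664 under a docroot, audits the tree for paths that break the layout, and shows that the mode of newly created files still depends on the creator's umask. The function names are hypothetical; the docroot and group are passed as arguments, and the group (webmasters in the thread) is assumed to exist already.

```shell
#!/bin/sh
# Added example (not from the original thread). The docroot path and group
# name are arguments; "webmasters" in the thread is one possible group.

# apply_layout DOCROOT GROUP: shared group, 2775 directories, 664 files.
apply_layout() {
    chgrp -R "$2" "$1" || return 1
    # setgid (the leading 2) makes new entries inherit the directory's group.
    find "$1" -type d -exec chmod 2775 {} + || return 1
    # File owners are left alone, so the creator of each file stays visible.
    find "$1" -type f -exec chmod 664 {} +
}

# audit_layout DOCROOT GROUP: list paths that break the layout.
# Returns 0 only when nothing is reported.
audit_layout() {
    findings=$(
        find "$1" ! -group "$2" -print         | sed 's/^/wrong-group /'
        find "$1" -type d ! -perm -2000 -print | sed 's/^/no-setgid /'
        find "$1" -type f ! -perm -0020 -print | sed 's/^/not-group-writable /'
        find "$1" ! -type l -perm -0002 -print | sed 's/^/world-writable /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# new_file_mode DIR UMASK: mode string of a file created in DIR under UMASK.
# setgid fixes the group of new files, but their mode still comes from the
# creating process's umask: 022 yields 644, 002 yields the intended 664.
new_file_mode() {
    (
        umask "$2"
        probe="$1/.umask-probe.$$"
        : > "$probe" && ls -ld "$probe" | cut -c1-10
        rm -f "$probe"
    )
}
```

Run audit_layout from cron or after each deploy; users who upload over a shell or ftp account need umask 002 for their new files to stay group-writable.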
