On Fri, Mar 14, 2014 at 7:44 PM, Jerry Stuckle <[email protected]> wrote: > On 3/14/2014 10:20 PM, Peter Michaux wrote: >> >> On Fri, Mar 14, 2014 at 7:01 PM, Jerry Stuckle <[email protected]> >> wrote: >>> >>> On 3/14/2014 9:20 PM, Peter Michaux wrote: >>>> >>>> >>>> Hi, >>>> >>>> The default virtual host when Apache is installed on Debian has >>>> document root /var/www and a cgi-bin directory /usr/lib/cgi-bin. These >>>> directories do not make intuitive sense to me. If I have static HTML >>>> pages and some Perl CGI scripts, I would expect they go somewhere >>>> under /usr/share/. What is the rational behind the chosen default >>>> directories? >>>> >>>> Thanks, >>>> Peter >>>> >>> No way would I want a web user to have access to what's in /usr/share. It >>> would be a huge security exposure to allow a website user access to other >>> files in the directory. >> >> >> How would access to one directory allow access to other directories in >> /usr/share ? >> >> If access to a subdirectory of /usr/share is a concern then doesn't >> access to /usr/lib/cgi-bin cause the same concern for /usr/lib ? >> >> Peter >> >> > > /usr/lib is not a subdirectory of /usr/lib/cgi-bin. A web user can access > anything in the directory and any subdirectories (based on system > permissions, of course). But the web user cannot access anything in higher > directories.
I guess I wasn't clear. By "somewhere under /usr/share", I specifically meant subdirectories under /usr/share. For example, "/usr/share/www" and "/usr/share/cgi-bin". Peter -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/cag0y48bbv8frnw40+nrpadzgy8wsdxhohsm2amy+atk+eu7...@mail.gmail.com
