2016-04-30 4:37 GMT+02:00 Nick Holland <n...@holland-consulting.net>: > On 04/29/16 21:27, Tuyosi Takesima wrote: >> thanks for ludovic >> >> # ls -l /var/www/1/ >> total 16 >> -rw-r----- 1 www www 65 Apr 29 11:19 .htpasswd >> >> # chmod 640 /var/www/1/.htpasswd >> >> this go well . > > *sigh* > > Do you really want your /security/ file writable by the very user that > should trust the least? Might as well be 666 for what you are doing to > your system's "security". > > Please stay off the 'net until you understand this stuff. It's not just > YOUR feet you are shooting at. > > Nick. >
A bit of my message might have been unclear. The file should be owned by user root and group www. As Nick have written, if the user and group owning a file is the same, there is no point in having different permission. Also, you don't want nginx having the ability to alter the file, in case it get compromised. -- Cordialement, Coues Ludovic +336 148 743 42
