On Tue, Mar 22, 2016 at 9:56 AM, Yann Ylavic <ylavic....@gmail.com> wrote: > It's usually not a good idea to have the HTTP server own (and be able > to write to) the files/directory it serves. > > So you should probably make httpd run as its own User/Group, and make > the DocumentRoot (and below) owned by an administrative user (the one > able to update the content), giving only access/read rigths to the > httpd group (or user, usually as "others"). > > Regards, > Yann. >
I don't really understand what you mean by "the HTTP server owns the files it serves". The HTTP server is not a user, is it ? How should I change my httpd.conf to reflect the improvements you suggest ? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
