Allegedly, on or about 12 January 2019, Alex sent: > How do I configure apache to allow PHP scripts write access to a > document root without compromising security?
Files/directories have three permissions, the owner, the group, and other users. Files should *not* be owned by Apache, nor writeable by it, allowing Apache to write to them is a major security failure. Apache reads and serves files using the other user permissions. What *actually* will write to your files? Is it an Apache process, or your script. Or, probably even better, having them owned an actual user that logs in, even if through your scripting system (e.g. when I edit files using VIM, they're owned be me, not the VIM program). Hopefully it is not Apache, itself. They should be owned, or part- owned (remember there's user and group permissions) by the user or process that will actually update them. Disabling SELinux is usually a "throwing the baby out with the bathwater" solution to a problem. -- [tim@localhost ~]$ uname -rsvp Linux 4.16.11-100.fc26.x86_64 #1 SMP Tue May 22 20:02:12 UTC 2018 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. You can't have equality AND special treatment. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
