Allegedly, on or about 14 September 2013, Roger sent: > There is some belief that /var/www/html is sacrosanct.
More to the point is that you don't let a world-accessible server have write access to files, willy-nilly. Likewise if it's not actually "world" accessible, but still widely accessible within a LAN. If it's possible for Apache to write to the webspace, because it's foolishly owned by the apache user, your system is just ripe for being exploited. > It does not matter which directory you use you still have to have user > ownership and suitable permsissions in some form. Yes, and "suitable" permissions are not allowing the server software to own the files. Never having experienced the problem doesn't mean that it's not there, or that you're not vulnerable. It's a very bad habit to form, and hard to break once people start forming bad habits. The fact that some website may advocate doing dumb things, doesn't make them good advice. The internet is full of silly things, with the blind leading the blind down the garden path, and over the edge of the cliff. > - Setting up Joolma, Drupal or the like cannot be done unless one is > root. > - One has to be root not sudo root. Nothing particularly unusual there, it's damn sensible that to "set up" software, one has to have such privileges. Not a good idea if they have to maintain such high privileges to "use" the software once installed. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
