I have a very strange situation. I moved existing sites from an old Linux machine to a new one. Everything works fine except I noticed that Apache manages to modify files owned by root. The directory structure and the permissions are as follows:

html drwxr-xrwx
-> my_site drwxr-xr-x
-> -> some_file -rw-r--r--

Everything is owned by root and the group is also root. Apache runs as user and group apache. The problem is that a PHP script manages to modify some_file. Things get even stranger because when I replicate the exact same directory structure with new files, the PHP script fails.

The httpd files should be owned by apache:apache.

Use cp to get the files into /var/www/html/appdir (that is owned by apache).
That way the ownership and SELinux labels are set to the receiving owner.

It takes some first-time work for each new set of files and any new file.
The chmod can then tighten security on the apache files.

Using 400 500 700 as needed to get rx rw rwx in just the first set. Root does not need permissions to start up httpd.

Now the only user that can access files in httpd is apache, and hackers and bad code cannot get into or out of httpd.
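
An added example, not code from either post: a small audit that rebuilds the layout quoted in the question in a temporary directory and reports what a given uid could change according to the mode bits alone. The function names and the hypothetical web-server uid/gid are assumptions, and ACLs, SELinux and root's override are not evaluated, so a write that succeeds with no finding here points at one of those or at the script running under a different user.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) that applies to uid/gids from mode bits alone."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit(root, uid, gids):
    """Yield (path, mode, finding) for entries under root that uid could change."""
    for dirpath, dirnames, filenames in os.walk(root):
        parent = os.lstat(dirpath)
        # Write+search on a directory allows creating, renaming and deleting entries in it.
        parent_open = class_bits(parent, uid, gids) & 3 == 3
        sticky = bool(parent.st_mode & stat.S_ISVTX)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.filemode(st.st_mode)
            if stat.S_ISREG(st.st_mode) and class_bits(st, uid, gids) & 2:
                yield path, mode, "writable in place"
            # The sticky bit limits rename/delete to the entry's or directory's owner.
            if parent_open and not (sticky and uid not in (st.st_uid, parent.st_uid)):
                yield path, mode, "replaceable via parent directory"

def build_sample(base):
    """Constructed sample: the layout and modes quoted in the question."""
    html = os.path.join(base, "html")
    site = os.path.join(html, "my_site")
    os.makedirs(site)
    target = os.path.join(site, "some_file")
    with open(target, "w") as fh:
        fh.write("sample\n")
    os.chmod(target, 0o644)   # -rw-r--r--
    os.chmod(site, 0o755)     # drwxr-xr-x
    os.chmod(html, 0o757)     # drwxr-xrwx
    return html

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        html = build_sample(base)
        owner = os.lstat(html)
        # Hypothetical web-server identity: neither the owner nor in the owning group.
        for path, mode, finding in audit(base, owner.st_uid + 1, {owner.st_gid + 1}):
            print(mode, os.path.relpath(path, base), finding)
```

To audit a real tree, call `audit()` with the web root and the uid and group ids of the account the PHP code actually runs as.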