[H-GEN] 1. Public Samba share 2. apache Samba share

Tony Nugent tony at linuxworks.com.au
Tue Aug 5 19:34:59 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Wed Aug 06 2003 at 07:47, Robert Stanford wrote:

> > 2. For my apache share I have read about forcing the files written via a
> > Samba share to take on the 'apache' group or user owner. If anyone has a
> > sample [web] share that includes this I would like to have this
> > explained to me.
> >
> 
> For Debian, where apache runs as user and group www-data add
> 
> force user = www-data
> force group = www-data
> 
> to the share definition in smb.conf

Be careful.  Don't let apache own (or otherwise allow it to have
write access to) any of the files in its document root (except
specific exceptions where it may need to do that).

If the daemon gets compromised, then this will allow your entire
site to be very easily defaced.  The apache user (like the ftp
daemon and its public root directory) should have read access
everywhere, but no write permissions.

Cheers
Tony

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
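
One way to check a document root against the advice in the reply above (an added example, not part of the original post): the script lists every path the web server account owns or can write to. The function name `audit_docroot` and the `www-data` defaults are assumptions taken from the Debian case quoted in the thread; supplementary groups and ACLs are not examined.

```shell
#!/bin/sh
# Added example (not from the original thread): list everything under a
# document root that the web server account could modify.
#
# Assumptions: the account is given as a user/group name or numeric id
# (www-data on Debian, per the quoted reply); supplementary groups and
# ACLs are not examined.

# audit_docroot ROOT USER GROUP
# Prints one path per line for each file or directory that is:
#   - owned by USER (an owner can always chmod the file writable), or
#   - owned by GROUP with the group-write bit set, or
#   - writable by "other".
# Symlinks are skipped because their own mode bits are not meaningful.
audit_docroot() {
    root=$1 user=$2 group=$3
    find "$root" ! -type l \( \
            -user "$user" \
         -o \( -group "$group" -perm -020 \) \
         -o -perm -002 \
        \) -print
}

# Usage: sh audit_docroot.sh /var/www [user] [group]
# Any output is a path the daemon could alter if it were compromised.
# The specific exceptions the daemon must write to will also show up
# here and should be reviewed one by one.
if [ "$#" -ge 1 ]; then
    audit_docroot "$1" "${2:-www-data}" "${3:-www-data}"
fi
```

An empty result means the account has no ownership or write bits anywhere under the given root.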