Dear People,
I'm fairly new to apache administraction, so I apologise in advance if
this an obvious question.
I am running Apache, which is running some CGI scripts, which allow a web
client (browser) to upload data, process it, and then return the process
results to the client in the form of clickable links which correspond to
the results.
Let us assume for the purpose of this question that I have a CGI script
along with other web pages, located in /var/www/data, which needs to write
temporary files for the purpose described above.
My question is as follows. What is a good place to locate these files, and
what permissions should be set on these files?
It seems to be clear that allowing apache's user (namely www-data) write
permission to /var/www/data is a bad idea, because it would allow an
attacker who obtained the permissions of www-data free access to the web
pages there.
However, it is less clear where these files should be put.
First I was thinking of putting them in /tmp, but I am not sure it is a
good idea for apache to be serving files from /tmp. Also, we require these
files to be preserved over quite long periods of time, and /tmp is
cleared on every reboot.
I'm now toying with the idea of putting them in say /var/www/data/tmp,
where tmp would be owned by www-data (both user and group www-data), and
nobody else would have write access. Actually, disabling read access might
be a good idea as well.
What do people think of that? Any other suggestions/opinions?
Thanks in advance. Please cc me, I'm not subscribed.
Faheem.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
