On 3/14/2014 10:20 PM, Peter Michaux wrote:
On Fri, Mar 14, 2014 at 7:01 PM, Jerry Stuckle <jstuc...@attglobal.net> wrote:
On 3/14/2014 9:20 PM, Peter Michaux wrote:

Hi,

The default virtual host when Apache is installed on Debian has
document root /var/www and a cgi-bin directory /usr/lib/cgi-bin. These
directories do not make intuitive sense to me. If I have static HTML
pages and some Perl CGI scripts, I would expect they go somewhere
under /usr/share/. What is the rationale behind the chosen default
directories?

Thanks,
Peter

No way would I want a web user to have access to what's in /usr/share. It
would be a huge security exposure to allow a website user access to other
files in the directory.

How would access to one directory allow access to other directories in
/usr/share ?

If access to a subdirectory of /usr/share is a concern then doesn't
access to /usr/lib/cgi-bin cause the same concern for /usr/lib ?

Peter



/usr/lib is not a subdirectory of /usr/lib/cgi-bin. A web user can access anything in the directory and any subdirectories (based on system permissions, of course). But the web user cannot access anything in higher directories.

Jerry
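
The scoping discussed in this thread, as an added example that is not part of the original messages and is not Apache's code: a simplified model of prefix-based URL-to-filesystem mapping. The two mapping tables are constructed from the paths named above, `SHARE_AS_ROOT` is a hypothetical layout, and symlinks and per-directory access rules are not modelled.

```python
import posixpath

# Constructed mapping modelled on the Debian defaults named in the thread:
# URL prefix -> directory on disk.
DEBIAN_DEFAULT = {"/cgi-bin/": "/usr/lib/cgi-bin/", "/": "/var/www/"}
# Hypothetical layout with the document root placed at /usr/share itself.
SHARE_AS_ROOT = {"/cgi-bin/": "/usr/lib/cgi-bin/", "/": "/usr/share/"}


def map_url(url_path, mappings):
    """Map a URL path to the filesystem path it would be served from.

    Dot segments are collapsed in URL space first, so ".." can never climb
    above "/"; the longest matching URL prefix then selects the directory.
    """
    clean = posixpath.normpath("/" + url_path.lstrip("/"))
    for prefix in sorted(mappings, key=len, reverse=True):
        if clean.startswith(prefix):
            rest = clean[len(prefix):]
            return posixpath.normpath(posixpath.join(mappings[prefix], rest))
    return None


def url_for(fs_path, mappings):
    """Return a URL path that reaches fs_path, or None if no mapping covers it."""
    fs_path = posixpath.normpath(fs_path)
    for prefix, root in mappings.items():
        root = posixpath.normpath(root)
        # A file is reachable only if it sits at or below a mapped directory.
        if posixpath.commonpath([root, fs_path]) == root:
            rel = posixpath.relpath(fs_path, root)
            return prefix if rel == "." else prefix + rel
    return None


if __name__ == "__main__":
    # Constructed sample requests and files.
    for url in ("/index.html", "/cgi-bin/test.pl", "/cgi-bin/../../lib/x"):
        print(url, "->", map_url(url, DEBIAN_DEFAULT))
    for path in ("/usr/lib/libexample.so", "/usr/share/doc/README"):
        print(path, "default:", url_for(path, DEBIAN_DEFAULT),
              "| /usr/share as root:", url_for(path, SHARE_AS_ROOT))
```
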


Archive: https://lists.debian.org/5323be7e.50...@attglobal.net