On Fri, 2025-03-07 at 21:44 -0500, Jeffrey Walton wrote:
> It is not clear to me why you want vsnyder:adm, and why you want the
> world to have access to anything.
> 
> Here's how I set up permissions on Apache. It is part of my hardened
> system.
> 
>     # Root owns everything. Apache only gets read access. Others get no access
>     $ sudo chown -R root:www-data /var/www
>     $ sudo chmod g=r /var/www
>     $ sudo chmod o= /var/www

I want to be able to change the web without logging in as root. I
occasionally need to send files to recipients that are big enough to
suffocate their mail readers. Putting a soft link to it in /opt/www
without hooking it to my index is an easy way to do that. After it's
fetched, I delete it.

I saw a page somewhere that said the web files should have group
ownership by root or adm.

I'll change the ownership to vsnyder:www-data and add vsnyder to
www-data in /etc/group*.

I'll turn off world access.

Thanks for the advice.
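
The layout the reply settles on (a non-root owner, group www-data with read-only access, nothing for the world), as an added example that is not part of the original messages. /opt/www, vsnyder and www-data come from the thread; the helper names lock_down and audit are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
#
# Typical use, as root, with the names taken from the message:
#   lock_down /opt/www vsnyder www-data
#   audit /opt/www

# lock_down DIR [OWNER GROUP]
# Owner may read and write, the group may only read, others get nothing.
# Capital X adds search permission on directories (and keeps execute on
# files that already had it) without making plain files executable.
lock_down() {
    dir=$1
    if [ -n "${2:-}" ] && [ -n "${3:-}" ]; then
        # -h changes a symlink itself instead of the file it points to,
        # so a link into a home directory does not re-own its target.
        chown -R -h "$2:$3" "$dir" || return 1
    fi
    chmod -R u=rwX,g=rX,o= "$dir"
}

# audit DIR
# Print every entry that others can touch at all (007) or that the group
# can write (020). Symlinks are skipped: their own mode bits are not
# used, access is decided by the target, which therefore has to be
# readable by the web server's group as well.
audit() {
    find "$1" ! -type l -perm /027 -print
}
```

Empty output from audit means the tree matches the intended policy; any path it prints is either world-accessible or writable by the server's group.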
