Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 551 #577
22 The Apache Web Server
22.11 Security
22.11.1 Minimizing the Risk
If you do not need a web server on a machine, deactivate Apache in the
runlevel editor, uninstall it, or refrain from installing it in the first place. To
minimize the risk, deactivate all unneeded servers: every listening service is
additional attack surface. This especially applies to hosts used as firewalls.
If possible, do not run any servers on these hosts.
22.11.2 Access Permissions
DocumentRoot Should Belong to root
By default, the DocumentRoot directory (/srv/www/htdocs) and the
CGI directory belong to the user root. You should not change this setting.
If the directories were writable for all, any user could place files into them.
These files might then be executed by Apache with the permissions of
user wwwrun. Also, Apache should not have any write permissions for the
data and scripts it delivers: a compromised Apache process (running as
wwwrun) could otherwise modify or replace the content it serves. Therefore,
these files should not belong to the user wwwrun, but to another user (such
as root).
To enable users to place files in the document directory of Apache, do not
make it writable for all. Instead, create a subdirectory that is writable for all
(such as /srv/www/htdocs/miscellaneous).
Publishing Documents from Home Directories
Another way to let users publish their files on the network is to specify a
subdirectory in users' home directories in the configuration file. Users can
then place any files for web presentations in this directory (for example,
~/public_html). By default, this is activated in SUSE LINUX. See Section
22.7.2 on page 540 for details. Note that Apache (user wwwrun) must be
able to traverse the home directory and read public_html, so the home
directory needs at least execute permission for others (for example, mode
711) and public_html read and execute permission (for example, mode 755).
These web pages can be accessed by specifying the user in the URL.
The URL contains the element ~username as a shortcut for the respective
directory in the user's home directory. For example, enter
http://localhost/~tux in a browser to access the files in the directory
public_html in the home directory of the user tux.
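The following script is an added example (not part of the SUSE manual) that turns the ownership rules of this section into a check: it lists every path under a document tree that the Apache worker could write to (world-writable, owned by the Apache user, or group-writable by the Apache group), skipping one intentionally writable drop-off subdirectory, and it creates that drop-off directory with the sticky bit set (mode 1777, the editor's choice rather than the manual's, so that users cannot delete each other's files). The user name wwwrun, group www and the path /srv/www/htdocs are the SUSE defaults named on this page; override the variables for other layouts.

```shell
#!/bin/sh
# Added example, not code from the SUSE manual. Audits an Apache document
# tree for paths the Apache worker could write to and creates the shared
# drop-off subdirectory suggested in 22.11.2.
# Assumptions: Apache runs as user wwwrun, group www (SUSE defaults) and
# DocumentRoot is /srv/www/htdocs. Override the variables as needed.
# Usage (as root): . ./audit_docroot.sh
#   make_dropoff /srv/www/htdocs/miscellaneous
#   audit_tree /srv/www/htdocs /srv/www/htdocs/miscellaneous

APACHE_USER=${APACHE_USER:-wwwrun}
APACHE_GROUP=${APACHE_GROUP:-www}
DOCROOT=${DOCROOT:-/srv/www/htdocs}

# audit_tree DIR [ALLOWED]
# Prints every path under DIR that is world-writable, owned by the Apache
# user, or group-writable by the Apache group. ALLOWED is an optional
# subtree (given exactly as find would print it, e.g. DIR/miscellaneous)
# that is intentionally writable and therefore skipped.
audit_tree() {
    dir=$1
    allowed=${2:-}
    # find aborts if asked for a user or group unknown on this host, so the
    # ownership tests are only added when those accounts exist.
    tests="-perm -0002"
    if id "$APACHE_USER" >/dev/null 2>&1; then
        tests="$tests -o -user $APACHE_USER"
    fi
    if grep -q "^${APACHE_GROUP}:" /etc/group 2>/dev/null; then
        tests="$tests -o ( -group $APACHE_GROUP -perm -0020 )"
    fi
    # $tests is expanded unquoted on purpose: each word becomes one find
    # primary, and the literal ( and ) group the -group/-perm pair.
    if [ -n "$allowed" ]; then
        find "$dir" -path "$allowed" -prune -o \( $tests \) -print 2>/dev/null
    else
        find "$dir" \( $tests \) -print 2>/dev/null
    fi
}

# tree_is_clean DIR [ALLOWED]
# Returns 0 when audit_tree reports nothing, 1 otherwise.
tree_is_clean() {
    [ -z "$(audit_tree "$@")" ]
}

# make_dropoff DIR
# Creates the shared, world-writable subdirectory. The sticky bit (1777)
# stops users from removing or renaming files they do not own. Run as root
# so the directory itself stays owned by root, as the manual recommends.
make_dropoff() {
    mkdir -p "$1" && chmod 1777 "$1"
}
```

Run the audit after every content deployment as well as once at setup time: the usual way the rule in this section gets broken is an administrator unpacking a site archive as wwwrun, or a chmod -R 777 applied "to make it work".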
22.11.3 Staying Updated
If you operate a web server, and especially if this web server is publicly
accessible, stay informed about bugs and potential vulnerabilities in Apache
and its modules, and apply security updates promptly. Sources for exploits
and fixes are listed in Section 22.13.3 on page 553.
551 SUSE LINUX Enterprise Server