Re: Apache webroot & webapp-config security

Wim Cossement wrote:
> Hi,
>
> After installing phpmyadmin and adding it with webapp-config to the
> default vhost, located in /var/www/localhost/htdocs, I noticed that the
> permissions from /var/www were root:root 0755.
>
> This means that for example
> /var/www/localhost/htdocs/phpmyadmin/config.default.php is readable by
> world, and since this contains a password used to connect as the pma user
> to MySQL, it is potentially dangerous.
>
> So I made apache:apache the recursive owner of /var/www and also
> chmodded it with -R 2700.
>
> Is this the standard way or are there better ways?
I'm not that much for using webapp-config, I usually let it have its
defaults, and I get everything installed in /var/www, thereafter I always move
things where I want them to be and set restrictive file privileges, so that
only apache has the rights in a similar way as you have done. This gives more
control for me IMHO. As I don't use phpmyadmin (much more fun to use the
console tools), I don't know if it needs a directory that is less secure;
there are some apps that need this to work as they are designed, so I do
suggest you take a look at the documentation, and modify the privileges if
needed. By the way, you don't need to set execution privilege for the php
files, for them 6 is more than enough (directories will need it set). I
avoid setting execute privileges on files that don't need it.
//Aho
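
The following is an added example, not part of either poster's message: a shell sketch that audits a webroot for world-readable files and stray execute bits, then applies the split discussed in the thread (2700 on directories, 600 on files) instead of a blanket `chmod -R 2700`. The function names are hypothetical, and the optional owner argument assumes an `apache:apache` account as in the thread.

```shell
#!/bin/sh
# Added example: audit and tighten a webroot such as /var/www/localhost/htdocs.
# Function names are hypothetical; they are not part of webapp-config.

# Regular files any local user can read (the config.default.php case).
list_world_readable() {
    find "$1" -type f -perm -004 -print
}

# Regular files carrying an execute bit for owner, group or other.
# PHP files served through Apache do not need one.
list_executable_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Apply the split from the thread:
#   directories: 2700 (owner rwx, setgid so new entries inherit the group)
#   files:        600 (owner rw, no execute)
# $2 is an optional owner such as apache:apache; changing owner needs root.
tighten_webroot() {
    if [ -n "${2:-}" ]; then
        chown -R "$2" "$1"
    fi
    find "$1" -type d -exec chmod 2700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Typical use, run as root after checking the application's documentation
# for directories that need looser modes:
#   list_world_readable /var/www/localhost/htdocs
#   tighten_webroot /var/www/localhost/htdocs apache:apache
```

Run the two `list_` functions first and review the output; the result after tightening should be empty for both.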