02-21-2008, 10:59 AM
J.O. Aho
Re: Apache webroot & webapp-config security

Arthur Hagen wrote:
> J.O. Aho <user@example.net> wrote:
>> Wim Cossement wrote:
>>
>>> Thanks for both tips, I already took the x from all my PHP files, but
>>> the second suggestion about changing all the files in /var/www/ to
>>> root:apache 0640 does not do the trick, I always get a 403 error
>>> when I tried this.
>>>
>>> This seems illogical to me, since apache runs as apache:apache so it
>>> should be able to get me the files since the group can read them.

>> The files should be owned by apache and not root, as this leads to
>> that apache may not have the right to read the file in question.

>
> If apache is in the group apache, it will be allowed to read any files
> that are root:apache 0640. (Assuming the parent directories are 0750 or
> otherwise give rx access to the apache group, of course.)


Even so, there are scripts that check ownership and privileges, which makes
them not work properly even if the apache group would be able to read them.

Of course that wasn't the case in Wim's post here.


//Aho
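An added example, not part of the thread: for the 403 with root:apache 0640 discussed above, this Python check walks from a base directory down to the file and reports the first component whose mode bits deny the web server's user. The name `first_denied`, its parameters and the demo uid are hypothetical; it models only classic owner/group/other bits, not ACLs or SELinux.

```python
import os
import stat

def first_denied(path, uid, gids, base="/"):
    """Return (component, reason) for the first component from `base` down to
    `path` that blocks uid/gids from reading `path`, or None if it is readable.
    Assumption: only classic mode bits are modelled (no ACLs, no SELinux)."""
    if uid == 0:
        return None  # root bypasses read/search permission checks
    path, base = os.path.realpath(path), os.path.realpath(base)
    if os.path.commonpath([path, base]) != base:
        raise ValueError("path is not under base")
    rel = os.path.relpath(path, base)
    chain = [base]
    for part in ([] if rel == "." else rel.split(os.sep)):
        chain.append(os.path.join(chain[-1], part))
    for comp in chain:
        st = os.stat(comp)
        is_dir = stat.S_ISDIR(st.st_mode)
        # Exactly one class applies: owner, else group, else other.
        # A group member is NOT rescued by the "other" bits (e.g. 0604).
        if st.st_uid == uid:
            cls, shift = "owner", 6
        elif st.st_gid in gids:
            cls, shift = "group", 3
        else:
            cls, shift = "other", 0
        bits = (st.st_mode >> shift) & 0o7
        # Directories need search (x) to be traversed; the file needs read (r).
        needed, flag = (0o1, "x") if is_dir else (0o4, "r")
        if bits & needed != needed:
            mode = stat.S_IMODE(st.st_mode)
            return comp, f"{cls} class lacks {flag} (mode {mode:04o})"
    return None

if __name__ == "__main__":
    import tempfile
    # Constructed tree standing in for /var/www; the uid is hypothetical.
    root = tempfile.mkdtemp()
    page = os.path.join(root, "index.php")
    open(page, "w").close()
    owner = os.stat(page)
    os.chmod(root, 0o750)
    for mode in (0o640, 0o600):
        os.chmod(page, mode)
        print(oct(mode), first_denied(page, owner.st_uid + 1, {owner.st_gid}, root))
```

On a real server, pass the numeric uid and the group ids of the account Apache runs as, and the document root as `base`.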