You are not logged in.
- Topics: Active | Unanswered
#1 2012-04-11 21:12:04
- trusktr
- Banned
- From: .earth
- Registered: 2010-02-18
- Posts: 907
- Website
[SOLVED] Make http documents as root or as user?
I have my own Arch Server now, with full root access. The question is, should I store all the web documents in a root-only location (e.g. /etc/httpd/docs/domain.com/) or should I store web docs in a user location (e.g. /home/trusktr/htdocs/domain.com/) while using root locations only for server settings?
I was just wondering what you guys think would be more secure.
My perspective as a newcomer to servers is that if I'm the only one accessing the server, then root locations would be better for security (using an ssh keypair authentication method). However, if I have users who need access to their files, then obviously putting their files in user locations would be the only option.
Thanks in advance for your advice.
Last edited by trusktr (2012-04-12 13:30:44)
joe@trusktr.io - joe at true skater dot io.
Offline
#2 2012-04-11 21:46:02
- firecat53
- Member
- From: Lake Stevens, WA, USA
- Registered: 2007-05-14
- Posts: 1,542
- Website
Re: [SOLVED] Make http documents as root or as user?
I normally use /srv/http for website docs, /srv/ftp for any FTP server usage, and /srv/git for git repositories. For the web files, you can keep them owned by root or the webserver user (http or similar). You can add yourself to the web server group and make sure the files have group write permissions just to make editing easier.
Scott
Offline
#3 2012-04-11 22:18:36
- trusktr
- Banned
- From: .earth
- Registered: 2010-02-18
- Posts: 907
- Website
Re: [SOLVED] Make http documents as root or as user?
@firecat53 Thanks for the info. By "add yourself" do you mean the root user or my normal user?
joe@trusktr.io - joe at true skater dot io.
Offline
#4 2012-04-11 22:25:25
- firecat53
- Member
- From: Lake Stevens, WA, USA
- Registered: 2007-05-14
- Posts: 1,542
- Website
Re: [SOLVED] Make http documents as root or as user?
Add your normal user to the 'http' group. You could also add other users as well to that group to give them editing privileges. One area where I get a bit fuzzy is how to actually force new files to be created with the correct user and root ownership, but I don't think that matters too much in most cases as long as the server can read the file...could be an issue for writing, though. I haven't messed with this for quite awhile now... 
Scott
Offline
#5 2012-04-12 13:30:31
- trusktr
- Banned
- From: .earth
- Registered: 2010-02-18
- Posts: 907
- Website
Re: [SOLVED] Make http documents as root or as user?
For sure. I guess having the files in a root location provides an extra layer of security because first someone would have to get access into a normal account before being able to access the root account. To maintain that extra layer of security, users wouldn't have access to the root files (wouldn't be able to edit their files). This could be fine on a private server I guess. In that case, we might as well not have normal users, only people with who can log in with a matching ssh key.
joe@trusktr.io - joe at true skater dot io.
Offline