
I managed to order a new VPS account from Linode.

I have installed Ubuntu 10.04 LTS with 'LAMP Stack' StackScript.

I notice the website directory is located in /srv/www/ and I thought this is quite strange.

How do I check if /srv/www/ is secure?

If I create a new directory or files in /srv/www/ (logged in as root), what permission/user do I need to set? How do I chmod/chown it?

Right now it looks like this (ls -la):

```
drwxr-xr-x 4 root root 4096 2012-03-06 18:03 li1x8-2xx.members.linode.com
root@li1x8-2xx:/srv/www#
```

-

```
drwxr-xr-x 4 root root 4096 2012-03-06 18:03 .
drwxr-xr-x 3 root root 4096 2012-03-06 18:03 ..
drwxr-xr-x 2 root root 4096 2012-03-06 18:03 logs
drwxr-xr-x 2 root root 4096 2012-03-06 18:31 public_html
root@li1x8-2xx:/srv/www/li1x8-2xx.members.linode.com#
```
I'll-Be-Back
  • That a document root may be `/srv/www` is not strange, in and of itself. Will you say more about what you are trying to do? And what do you mean by "secure"? Is there a particular user or group that should or should not have (read/write/execute) perms for /srv/www? – Adam Monsen Mar 07 '12 at 04:43

1 Answer


Possible duplicate of https://superuser.com/questions/378412/editing-files-in-var-www/378485#378485.

See "A script that verifies that Apache (or any account) has proper permission to navigate to a directory" for how to verify permissions.

You likely want some other user than root or apache to own the directory. The owner will have the ability to modify the content without using root privileges. Adding that user to the www-data group may be useful. The following commands might be appropriate.

  • adduser user www-data
  • chown -R user:www-data /srv/www
  • chmod g+s /srv/www

This has the effects:

  • Add the specified user to the www-data group. (The group apache will run as.)
  • Change ownership to that user with www-data as the group.
  • Make the www-data group sticky for the /srv/www directory tree.

If the web server needs to write content in a directory, change the owner to www-data or add group write permissions to the directory.

BillThor
  • Thanks for the answer. It is dangerous for root user to own the website (e.g. www) directory? I have not created a user account because I don't need it. I always log in as Root. The websites will contain PHP files. Is there anything I need to adjust in the folder permission/security without having a shell user account? Just the root account. – I'll-Be-Back Mar 07 '12 at 18:39
  • You've already identified that it is dangerous for root to own the website. It is possible to use root as the user in the commands above. However, if a user gets to run as the owner of the content, you run a risk of total server compromise. Add a user and use `sudo` on those occasions when you need to be root. As you are running Ubuntu, you should already have a user with uid 1000. Try the command `getent passwd 1000` to find out what the userid is. – BillThor Mar 07 '12 at 19:43
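
One way to check a document root against the ownership scheme in the answer above (a non-root owner, group www-data, setgid on directories), as an added example that is not part of the original thread. The function name `audit_docroot` and its output tags are assumptions made here, and `user` in the usage comment is the answer's own placeholder account name.

```shell
#!/bin/sh
# Added example (not from the thread): list entries under a document root
# that deviate from the owner/group/setgid layout the answer describes.
#
# Usage on the server from the question (run as root to see every entry):
#   audit_docroot /srv/www user www-data
#
# OWNER and GROUP may be names or numeric ids; find accepts both.
# Prints one "TAG path" line per finding; returns 1 if anything was found.
audit_docroot() {
    root=$1 owner=$2 group=$3
    findings=$(
        # Writable by every local account, so any compromised account can
        # plant or alter PHP that the web server will then execute.
        find "$root" ! -type l -perm -0002 | sed 's/^/WORLD-WRITABLE /'

        # Not owned by the designated content owner (for example still root).
        find "$root" ! -user "$owner" | sed 's/^/WRONG-OWNER /'

        # Group is not the one the web server runs as.
        find "$root" ! -group "$group" | sed 's/^/WRONG-GROUP /'

        # chmod g+s on the top directory does not reach subdirectories that
        # already exist; each one listed here still lacks the setgid bit.
        find "$root" -type d ! -perm -2000 | sed 's/^/NO-SETGID /'

        # Group-writable entries: the web server itself can modify these.
        # Each should be a deliberate choice (uploads, caches), not code.
        find "$root" ! -type l -group "$group" -perm -0020 |
            sed 's/^/SERVER-WRITABLE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

An empty result with exit status 0 means every entry matches the layout; SERVER-WRITABLE lines are the places where a flaw in a PHP script could rewrite content.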