1

So I've searched for this answer, and can't seem to come up with anything relevant. So here goes:

What is the best practice for ownership/permissions of the PHPMyAdmin files on a server?

Thanks to all in advance.

Lee Fuller
  • 127
  • 6
  • Look over on the right under related. – user9517 Nov 01 '15 at 17:58
  • 2
    Best practice is to _not_ have phpMyAdmin instaled. – Michael Hampton Nov 01 '15 at 18:06
  • You will have to share a lot more, like which webserver you run (Apache, Nginx) etc. and whether you run something like SElinux. Also where you installed it, and how you intend to use it in terms of whether you allow public access or have it firewall controlled etc. etc. – JayMcTee Nov 01 '15 at 18:23
  • @MichaelHampton I tend to agree. However, in this case it is truly needed. – Lee Fuller Nov 01 '15 at 21:13
  • @JayMcTee Running Apache. Not running SElinux. However, am runing RUid mod to keep shared host files running as controlled users. Access to it will be limited by IP. Yet I'm still wanting to make certain I'm using best practice to control who owns it. – Lee Fuller Nov 01 '15 at 21:15

1 Answers1

0

As mentioned above: That depends on your setup. Did you install it using your package manager or manually? Without suEXEC or suPHP (and similar) you can probably leave them as is. Make sure your config file is not world readable. If you're using a framework that allows PHP scripts to run as their owner, than the safest option is probably to create a seperate user without any shell and limited by it's own php.ini .

K.A.B.
  • 23
  • 5
  • This is probably the best answer for me. The last sentence makes sense to me and likely will be the way I would go in this case. – Lee Fuller Nov 01 '15 at 21:16