Permissions on ServerRoot Directories

S

sherman2000

Verified User
Joined
Dec 17, 2012
Messages
5
Do I need to apply it after installing DirectAdmin?


http://linux.math.tifr.res.in/sysadmin/apache-security.html

mkdir /usr/local/apache
cd /usr/local/apache
mkdir bin conf logs
chown 0 . bin conf logs
chgrp 0 . bin conf logs
chmod 755 . bin conf logs
It is assumed that /, /usr, and /usr/local are only modifiable by root. When you install the httpd executable, you should ensure that it is similarly protected:
cp httpd /usr/local/apache/bin
chown 0 /usr/local/apache/bin/httpd
chgrp 0 /usr/local/apache/bin/httpd
chmod 511 /usr/local/apache/bin/httpd
 
While I haven't looked up all of these, DirectAdmin should be managing apache security itself.

Jeff
 
sherman2000 said:
Do I need to apply it after installing DirectAdmin?
Click to expand...

Hello,

I'd rather say NO.
First of all Apache installed by Directadmin has

Code: 
ServerRoot "/etc/httpd"

which I'd recommend to

Code: 
chmod 700 /etc/httpd

That would be enough.

httpd is located in /usr/sbin/ and if you chmod it to 511, nothing should get broken, but you'll need to change its permissions every time when you re-built apache with custombuild.

Apache logs are located in /var/log/httpd/, and you might want to chmod it to 700.

Note, though it's been working for me since years, I can not guarantee that it will work the same in your particular case, if you have customized anything in your directadmin installation.
 
sherman2000 said:
Do I need to apply it after installing DirectAdmin?
Click to expand...

Hello,

I'd rather say NO.
First of all Apache installed by Directadmin has

Code: 
ServerRoot "/etc/httpd"

which I'd recommend to

Code: 
chmod 700 /etc/httpd

That would be enough.

httpd is located in /usr/sbin/ and if you chmod it to 511, nothing should get broken, but you'll need to change its permissions every time when you re-built apache with custombuild.

Apache logs are located in /var/log/httpd/, and you might want to chmod it to 700.

Note, though it's been working for me since years, I can not guarantee that it will work the same in your particular case, if you have customized anything in your directadmin installation.
 
You must log in or register to reply here.
Back
Top