Apache folder permissions

You should never have to run a website out of your home directoryEVER. You would otherwise have to give the web server the ability to traverse through /home/ to see the directory structure, but also into /home/$USER/ (your user’s home directory, where we can try and see what else exists in your user directory), as well as any other subfolders in there. A poorly-configured or misconfigured or unpatched web server can cause massive data leakage this way, or loss of credentials and such which would put your personal data and logins on different things at risk. The symlink approach you are using doesn’t help either for the same reason as trying to give Apache permissions to read /home/andre/www/moodle – the web server has to be able to traverse your home directory to get to the location that the symlink in /var/www/html points to, which still poses that security risk.

Continue reading

Advertisements