I’m troubleshooting a permissions problem which could be solved if all files in Apache’s root folder were owned by a user not “root”. Since this is a sanbox and I’m the only one playing in it, there isn’t any human conflict. Will I silently break something if I make this change?
I’ve never questioned that files outside of the /home are owned by any other user than the system’s root user account. Most of the time changing permissions does indeed break things, but the thought. OHHH. How naughty. hahahah.
A bit late, I’m afraid, but I just found this. There’s a lot of confusion/misinformation in the comments here. You can do whatever you want, within these basic principles. I’m assuming that the httpd user and group (see the User and Group directives in httpd.conf) are ‘apache’ and ‘apache’; substitute for your own particular installation.
1 – the files to be served must be readable by user ‘apache’
2 – the directories must be searchable by user ‘apache’
3 – CGI programs must be runnable by user ‘apache’
4 – user ‘apache’ should not own any files
5 – user ‘apache’ should not be permitted to write any files
6 – group ‘apache’ should not be permitted to own or write to any files
Your setup – where root owns the files – is acceptable, but it makes more sense in most setups that whoever has to modify the files (via ftp/etc) should either (a) own them, or (b) be in a group that has write permissions for the files.
Come up with a scheme that meets all these criteria, and you should be Ok. Obviously don’t allow ‘others’ to have any permissions that aren’t necessary. It’s normal, however, for user ‘apache’ to be in ‘others’, so files will normally need read permissions for others. Post your specific solution here if you want it checked.