[Pkg-owncloud-commits] [owncloud-doc] 17/25: Add hardened permission example

David Prévot taffit at moszumanska.debian.org
Thu Oct 30 19:52:33 UTC 2014 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud-doc.

commit 9f8bbc2bf39476799bff90f51c294d72b351f7a7
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Tue Oct 28 18:22:34 2014 +0100

    Add hardened permission example
---
 admin_manual/installation/installation_source.rst | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/admin_manual/installation/installation_source.rst b/admin_manual/installation/installation_source.rst
index 5402451..1fd481b 100644
--- a/admin_manual/installation/installation_source.rst
+++ b/admin_manual/installation/installation_source.rst
@@ -159,6 +159,9 @@ via the ownCloud Web interface. If you are planning to use the automatic
 updater app for updating ownCloud, the whole ``owncloud/`` directory must be 
 writable by the HTTP user.
 
+If you do not plan to use the updater application we recommend setting the directory 
+permissions as strict as possible, an example can be found below.
+
 You can find your HTTP user in your HTTP server configuration files. Or you can 
 create a PHP page to find it for you. To do this, create a plain text file with 
 a single line in it:
@@ -179,6 +182,17 @@ should see a single line in your browser page with the HTTP user name.
   directory is::
 
     chown -R <http-user>:<http-user> /path/to/owncloud/
+    
+* For hardenend security we  highly recommend setting the following permissions as strict as possible, 
+  however some feature such as the integrated updater application will not work anymore. Please 
+  note, that this commands should be executed after the initial installation::
+  
+    chown -R root:root /path/to/owncloud/
+    chown <http-user>:<http-user> /path/to/owncloud/config/config.php
+    chown -R <http-user>:<http-user> /path/to/owncloud/data/
+    chown root:root /path/to/owncloud/data/.htaccess
+    chown <http-user>:<http-user> /path/to/owncloud/apps/
+    
 
 * This example is for Ubuntu 14.04 LTS server::
    
@@ -401,4 +415,4 @@ See :doc:`configuration_yaws`
 
 **Hiawatha Configuration**
 
-See :doc:`configuration_hiawatha`
\ No newline at end of file
+See :doc:`configuration_hiawatha`

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-doc.git

More information about the Pkg-owncloud-commits mailing list