CentOS file permissions
Added by Uli Hecht over 9 years ago
The following instructions of RedmineInstall for setting permissions and ownership won't work on CentOS:
sudo chown -R apache:apache files log tmp public/plugin_assets sudo chmod -R 755 files log tmp public/plugin_assets
I guess that's why the CentOS howto gives following instruction:
cd /var/www chown -R apache:apache redmine chmod -R 755 redmine
Surprisingly this works but allowing the apache user to access everything is not a good idea in my opinion. Therefore I searched for the reason why the normal way of RedmineInstall doesn't work. I found out that you have to change the ownership of config.ru in the root directory to apache:apache as well.
As a potential attacker could exploit config.ru I suggest to remove the write permission for the apache user.
So finally this is my suggestion for the CentOS howtos:
sudo chown -R apache:apache files log tmp public/plugin_assets config.ru sudo chmod -R 755 files log tmp public/plugin_assets sudo chmod 333 config.ru
What do you think?