: Why does Apache need write access to MediaWiki's LocalSettings.php? We are trying to harden an Apache/MediaWiki/MySQL installation. According to MediaWiki's Manual:Securing database passwords: ...
We are trying to harden an Apache/MediaWiki/MySQL installation. According to MediaWiki's Manual:Securing database passwords:
... many Unix/Linux users can simply secure LocalSettings.php just by setting its permissions with chmod 600 as recommended in LocalSettings.php#Security. Such users need read no further.
I'm speculating the above presumes LocalSettings.php is owned by apache or similar. If ownership was root:apache, then I'm guessing the recommendation would probably be 0660.
Why does Apache need write access LocalSettings.php?
More posts by @Merenda212
1 Comments
Sorted by latest first Latest Oldest Best
Some people on shared hosting or other hosting without SSH/FTP access may alter their configuration filed via a web interface. There are some extensions, like Configure, which perhaps need changing the configuration. The wiki sysadmin doesn't necessarily have root rights hence the file owner, whatever it is, needs to write on the file.
Simply, the advice on the manual is the most general one. 600 might be unneeded, but the point of the advice is to set 600.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.