3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted


The permission on the Apache directories should be 'rwxr-xr-x' (755) and the file permissions should be similar, except not executable unless appropriate. This applies to all the Apache software directories and files installed, with the possible exception in some cases that a group with write access for the Apache web document root ('$APACHE_PREFIX/htdocs') may be needed to allow web content to be updated. In addition, the '/bin' directory and executables should be set to not be readable by other.


None of the Apache files and directories, including the Web document root, should allow other write access. Other write access is likely to be very useful for unauthorized modification of web content, configuration files, and software.


Perform the following to remove other write access on the '$APACHE_PREFIX' directories:

# chmod -R o-w $APACHE_PREFIX

See Also


Item Details


References: 800-53|AC-3, CSCv6|14.4, CSCv7|14.6

Plugin: Unix

Control ID: dbfdcac1cfb582e09f28c16af5d9ff6d9fc5b4fe791c06469d992ede1e4b9e83