Explore key concepts regarding Apache file and directory permissions, focusing on configuration settings, common permissions, and access control practices. Gain a solid understanding of how proper permissions impact Apache server security and functionality.
Which permission set allows the owner of a file to read and write, but not execute, on a typical UNIX system used by Apache?
Explanation: The 'rw-r--r--' permission set means the owner can read and write, but not execute the file, while the group and others can only read it. 'rwxr-xr-x' here is incorrect because it allows execution for all users. 'r--rw-rw-' grants the owner only read access and group and others read and write, which is not correct for owner write permission. 'r-xrw--w-' is improperly structured and grants inconsistent permissions.
What are the typical minimum permissions required on a directory for Apache to be able to serve files from it?
Explanation: For Apache to access and list files in a directory, both read and execute permissions are needed. Execute permission alone allows accessing the directory but not reading file names. Write permission alone does not allow listing or accessing files. Giving read, write, and execute permissions is unnecessary and increases risk.
What risk arises if website files have world-writable permissions such as 777 in an Apache server environment?
Explanation: Files with world-writable permissions allow any user on the system to alter their contents, creating a major security risk. Only root accessing them is incorrect because permissions open access to all users. Server performance is not enhanced by higher permissions. The claim of no additional risk is false as excessive permissions increase vulnerability.
Which file is commonly used in Apache to set per-directory permissions and access controls without modifying the main server configuration?
Explanation: .htaccess files are used for per-directory configuration and access controls in Apache. .htpasswd is a password file, not for configuration. .config is a generic filename and not recognized by default. access.conf was used in older versions but is now obsolete.
What numeric value would you use with chmod to set a file so only the owner can read and write, but not execute, while others have no permissions?
Explanation: A chmod value of 600 sets permissions to read and write for the owner, and no permissions for group or others. 644 allows everyone to read, which is not desired here. 606 and 660 either grant execute or write permissions to other users or groups, which makes them unsuitable.
If a web page file is owned by user 'webuser' and group 'webgroup', which permission should you avoid setting to reduce risk if only Apache needs to read it?
Explanation: Group write permission allows anyone in the group to modify the file, increasing the risk of unintended changes. Owner read and write are typically necessary for the user managing the file. Group read is safe if multiple trusted users require access. Group write should be avoided unless absolutely necessary.
Which command sets directory permissions using symbolic mode so everyone can read, but only the owner can write?
Explanation: The command 'chmod u+w,go+r-w' explicitly gives write to owner, read to group and others, and removes write for group and others. 'chmod 644' is an absolute numeric mode, not symbolic, and is typically used for files, not directories. 'chmod a+r,u+w' does not remove write from group/other. 'chmod +r' simply adds read permission for all users, not adjusting write.
What Apache directive in a configuration or .htaccess file is used to prevent users from viewing a list of directory contents?
Explanation: The 'Options -Indexes' directive disables directory listings when there isn't an index file, improving security. 'AllowOverride None' controls whether .htaccess overrides are permitted and does not affect indexing. 'Require all granted' allows unrestricted access. 'Order Deny,Allow' is a legacy access method, not for listing prevention.
Under which user context does Apache typically run web processes, affecting which file and directory permissions it requires?
Explanation: Apache commonly runs under a dedicated user account specifically for the web server, minimizing system-wide permissions. Running as root is not secure and should be avoided. The database administrator account is for databases and unrelated to Apache's context. The guest account is not used for running web processes due to high risk.
What is the best practice for setting permissions on directories where website users can upload files, to prevent accidental script execution?
Explanation: Removing execute permissions from upload directories helps prevent users from running uploaded files as scripts, improving security. Allowing read and execute for everyone can let scripts run. Granting write and execute to all is highly insecure. Setting read only for the owner is too restrictive and prevents uploads by users.