ColdFusion /Apache Configuration Question

Hello - I am new to linux configuration: I am trying to install CF8 on linux but am somewhat confused about permissions. I am running apache under user "apache", group "apache". My web root is /home/frank/www All files within that are 644, all directories are 755. All www files are owned by "frank", group "apache" As I understand it, this is a good secure setup, which allows apache to read files but not write to these directories.  So far so good, I think. Now, I am installing coldfusion.  When the CF installer asks for the runtime user, what do I use?  apache?  frank?  some other user?    I have access to root, so changing permissions is easy.  I just want to have a good, secure setup, and I need apache running under "apache" to play nicely with CF. Thanks for responses

Not only does /home/frank/www need to be readable by apache, all parent directories need to be as well.  So what you have is a rather insecure setup, because the server daemon has access to your home directory.  More preferable would be to have a directory dedicated to webapps (on RedHat and derivatives that's /var/www) which is owned by your web server user (apache) and isolated from any individual user account. As you have it right now, the CF installer should be givien 'apache' for the group to run as.  Also, CF needs write access to various things within it's webroot, so you'll need to grant it that access.  I don't have an exhaustive list, but at the very least /WEB-INF/cfclasses and /WEB-INF/cfusion/lib/ which house compiled CF templates and the administrator settings respectively.  There are some more folders related to CFFORM and other stuff as well. cheers, barneyb ----- Excess quoted text cut - see Original Post for more -----

So if I understand correctly, the following procedure should result in a relatively secure setup? My user account is frank. So what I should do is: 1. Run HTTPD with user: apache, group: apache 2. Install Coldfusion to /opt/coldfusion8 as frank.  Use "apache" as the runtime user when asked at install.  Give group ownership to "apache" for those parts of /opt/coldfusion9 that need it (WEB-INF, etc). 3. use /var/www as my document root. Give ownership of all files and directories here to user:frank (so I can modify them), group:apache (so httpd and CF can read them).   Permissions: Read+Write for Frank,  Read for apache (644 files,755 dirs).    Give additional write access for apache in specific locations throughout /var/www where CFFILE / cfcache / file upload etc will need runtime access to write. Does this sound right? Thanks ----- Excess quoted text cut - see Original Post for more -----