Full Discussion: Web hosting security
Special Forums Cybersecurity Web hosting security Post 302084575 by Sergiu-IT on Friday 11th of August 2006 10:55:56 AM

Hello, guys!
The company I work for has a few web hosting servers and I'd like to know how I can secure the servers a little bit.

The situation is like this:
Apache runs as nobody, so all users can run scripts as nobody. This is a big security problem because if I have an account on the server, I can access the files of another user on the server (nobody has read and execute rights on users' directories). If I cut the rights for the nobody user, then nobody cannot read the web sites hosted in the user's directory.
Do you have any ideas how I can handle this situation? I mean, how can I restrict a user from seeing other users' files through PHP or some CGI scripts, but without restricting the nobody user?
The operating system is CentOS Linux, and the server is Apache.

Any ideas are welcome.
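
The exposure described in the post above can be measured with a short audit script. This is an added example, not part of the original thread: it lists which files under a home-directory root are readable by an identity that is neither owner nor group member, which is the position of Apache and every script it runs as nobody. The directory layout, the file names and the `uid=-1` stand-in for nobody are constructed assumptions.

```python
import os
import stat
import tempfile

def can_access(st, uid, gids, want):
    """Classic Unix mode check (ignores ACLs and root): owner bits if uid
    matches, else group bits if a gid matches, else the 'other' bits."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & want == want

def exposed_files(home_root, uid, gids):
    """Regular files under home_root that identity (uid, gids) can read.
    Run by an auditor who can list everything (root on a real server)."""
    found = []
    def walk(directory):
        # Search (x) permission is enough to reach a file whose name is known.
        if not can_access(os.stat(directory), uid, gids, 1):
            return
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            st = os.lstat(path)  # do not follow symlinks
            if stat.S_ISDIR(st.st_mode):
                walk(path)
            elif stat.S_ISREG(st.st_mode) and can_access(st, uid, gids, 4):
                found.append(os.path.relpath(path, home_root))
    walk(home_root)
    return found

def demo(uid=-1, gids=frozenset()):
    """Constructed layout; uid=-1 stands in for 'nobody' (never owner/group)."""
    dirs = {"alice": 0o711, "alice/public_html": 0o755,
            "bob": 0o700, "bob/public_html": 0o755}
    files = {"alice/public_html/index.php": 0o644,
             "alice/public_html/config.php": 0o644,
             "bob/public_html/config.php": 0o644}
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for rel in dirs:
            os.makedirs(os.path.join(root, rel))
        for rel, mode in files.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample\n")
            os.chmod(path, mode)
        for rel, mode in dirs.items():
            os.chmod(os.path.join(root, rel), mode)
        return exposed_files(root, uid, gids)

if __name__ == "__main__":
    print(demo())
```

In the constructed layout, alice's files are reported because her directories grant search permission to "other"; bob's are not, because his home directory is mode 700, which is also the case where a web server running as nobody can no longer read his site.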
 
