|
|
Sponsored Content
Special Forums
Cybersecurity
Web hosting security
Post 302085144 by Sergiu-IT on Tuesday 15th of August 2006 11:55:36 AM
08-15-2006
Hi !
I guess that you didn't understood what I mean (and my english sucks, I know). I'll try to explain the situation again with an example, in this way maybe you (and whoever reads this post) can understand batter what I need.
So, there is the server that is used for web hosting. The web server (apache) is running as nobody. There are a few accounts on the server and each account have a public_html directory where his web page is kept. The home directory of each user must have at least execute rights for the group for apache (nobody) to be able to read the content of public_html directory (or pass through it).
In the public_html directory the user can put his PHP files which are interpreted by apache (nobody). As long as every file in public_html must be readable by nobody and every directory in public_html must have the execute rights some bad user can make a script that will read other users files beacause his script will run as nobody (like all the PHP/CGI scripts).
So, for example, if I make an account on the server I can make a script that will read the /home/some_user/public_html/phpmyadmin/config.php file beacause my script will run as nobody and nobody (as a user) can read all files in public_html directory of each user.
What I want to know is how can I block users to see each others files through some scripts even if the scripts are running as nobody (beacause are interpreted by apache) and 'nobody' has read and/or execute rights on the other user's files ?
Am I clear this time ? If not I'm sorry... I haven't used my english for a while and now I tend to have gramar problems
Thanks for your time.
I guess that you didn't understood what I mean (and my english sucks, I know). I'll try to explain the situation again with an example, in this way maybe you (and whoever reads this post) can understand batter what I need.
So, there is the server that is used for web hosting. The web server (apache) is running as nobody. There are a few accounts on the server and each account have a public_html directory where his web page is kept. The home directory of each user must have at least execute rights for the group for apache (nobody) to be able to read the content of public_html directory (or pass through it).
In the public_html directory the user can put his PHP files which are interpreted by apache (nobody). As long as every file in public_html must be readable by nobody and every directory in public_html must have the execute rights some bad user can make a script that will read other users files beacause his script will run as nobody (like all the PHP/CGI scripts).
So, for example, if I make an account on the server I can make a script that will read the /home/some_user/public_html/phpmyadmin/config.php file beacause my script will run as nobody and nobody (as a user) can read all files in public_html directory of each user.
What I want to know is how can I block users to see each others files through some scripts even if the scripts are running as nobody (beacause are interpreted by apache) and 'nobody' has read and/or execute rights on the other user's files ?
Am I clear this time ? If not I'm sorry... I haven't used my english for a while and now I tend to have gramar problems
Thanks for your time.
|
|
3 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I built my website based on Dreamweaver, on Windows platform. My server uses Unix, and the page doesn't look too good. Is there any way to solve this problem without too much of a headache? (1 Reply)
Discussion started by: PCL
1 Replies
2. Cybersecurity
Hi,
Recently my has been hacked. A .pl script has been uploaded in the root of the directory, which uploaded lot of unwanted files and changed their file permission to 777.
I have no clue how did they upload that .pl file in my hosting.
Website is in shared hosting. Could they access my web... (3 Replies)
Discussion started by: agriz
3 Replies
3. Shell Programming and Scripting
Hi..
I have very limited knowledge on LDAP and its configuration and but I have been trying to figure out one issue that takes place when I am running the program that is written in php, but so far its unsuccessful.
The server, I am working on is ldap server, which is running on Apache. After... (1 Reply)
Discussion started by: GomathiUoM
1 Replies
LEARN ABOUT DEBIAN
blaze-make
BLAZE-MAKE(1) BlazeBlogger Documentation BLAZE-MAKE(1) NAME
blaze-make - generates a blog from the BlazeBlogger repository SYNOPSIS
blaze-make [-cpqrIFPTV] [-b directory] [-d directory] blaze-make -h|-v DESCRIPTION
blaze-make reads the BlazeBlogger repository, and generates a complete directory tree of static pages, including blog posts, single pages, monthly and yearly archives, tags, and even an RSS feed. OPTIONS
-b directory, --blogdir directory Allows you to specify a directory in which the BlazeBlogger repository is placed. The default option is a current working directory. -d directory, --destdir directory Allows you to specify a directory in which the generated blog is to be placed. The default option is a current working directory. -c, --no-css Disables creating a style sheet. -I, --no-index Disables creating the index page. -p, --no-posts Disables creating blog posts. -P, --no-pages Disables creating pages. -T, --no-tags Disables creating tags. -r, --no-rss Disables creating the RSS feed. -F, --full-paths Enables including page names in generated links. -q, --quiet Disables displaying of unnecessary messages. -V, --verbose Enables displaying of all messages, including a list of created files. -h, --help Displays usage information and exits. -v, --version Displays version information and exits. FILES
.blaze/theme/ A directory containing blog themes. .blaze/style/ A directory containing style sheets. .blaze/lang/ A directory containing language files. EXAMPLE USAGE
Generate a blog in a current working directory: ~]$ blaze-make Done. Generate a blog in the "~/public_html/" directory: ~]$ blaze-make -d ~/public_html Done. Generate a blog with full paths enabled: ~]$ blaze-make -F Done. SEE ALSO
blaze-init(1), blaze-config(1), blaze-add(1) BUGS
To report a bug or to send a patch, please, add a new issue to the bug tracker at <http://code.google.com/p/blazeblogger/issues/>, or visit the discussion group at <http://groups.google.com/group/blazeblogger/>. COPYRIGHT
Copyright (C) 2009-2011 Jaromir Hradilek This program is free software; see the source for copying conditions. It is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Version 1.2.0 2012-03-05 BLAZE-MAKE(1)