[ale] Apache Security Question

Jerry Z. Yu z.yu at voicecom.com
Mon Jul 8 17:38:29 EDT 2002


Stuff under 'web' (since it is served by apache using userdir directive) 
should be considered public anyway.  However, be cautious and turn the 
autoindex off for those dirs or all directories, and apply minimal perm as 
below:

	701 for dir	604 for file
	find ~user1/web -type d -exec chmod 0701 {} \;
	find ~user1/web -type f -exec chmod 0604 {} \;

Better yet,
1) place a file named 'ThisFolderIsAvailableToPublic' to warn the user. 
2) provide instructions to create the web dir and change permissions, so the 
user can 'publish' as they go, instead of being forced to publish...

On Mon, 8 Jul 2002, Prasanna Subash wrote:

#Hi all,
#	
#	I run apache at home on my mdk-8.2 box. This is the small security problem 
#that I have.
#
#Each user has his webpage at
#
#/home/USERNAME/web/
#
#and I use NameVirtualHost directives to get to the directory for different 
#users.
#
#However since Apache( httpd ) runs as nobody:nobody it's not able to read those 
#directories and I get a permission denied.
#
#My solution was to chmod 777 /home/USERNAME and
#chmod -r 777 /home/USERNAME/web
#
#But this solution is inelegant as each user can see each others files by just 
#changing directories. .htaccess files have no meaning at this point between 
#users on the same box.
#
#How can I solve this ?
#
#-- 
#------------------------------------------------------------------------ 
#Prasanna Subash            |
#Linux, the choice          | Noone ever built a statue to a critic. 
#of a GNU generation   -o)  | 
#Kernel 2.5.18          /\  | 
#on a i686             _\_v | 
#                           | 
#------------------------------------------------------------------------ 
#
#
#---
#This message has been sent through the ALE general discussion list.
#See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
#sent to listmaster at ale dot org.
#

Jerry Z. Yu					+1-404-487-8544 (O)
systems engineer				z.yu at voicecom.com
is support, voicecom, llc			www.voicecom.com
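
An added example, not part of the original message: a shell sketch that audits a per-user web tree for the problems discussed in this thread and then applies the 0701/0604 modes given above. The function names audit_webdir and harden_webdir are hypothetical, and the check assumes Apache reaches the files as "other" (neither owner nor group member).

```shell
#!/bin/sh
# Added example: audit and tighten a per-user web directory.
# Assumption: the web server accesses the tree through the "other" bits.

# Print one line per permission problem under $1; return 1 if any were found.
audit_webdir() {
    dir=$1
    findings=$(
        # Anything group- or world-writable (what chmod 777 leaves behind).
        find "$dir" \( -perm -0020 -o -perm -0002 \) \
            -exec printf 'WRITABLE %s\n' {} \;
        # Directories others can list; serving a known file needs only x.
        find "$dir" -type d -perm -0004 -exec printf 'LISTABLE %s\n' {} \;
        # Directories the web server cannot traverse.
        find "$dir" -type d ! -perm -0001 -exec printf 'NOTRAVERSE %s\n' {} \;
        # Files the web server cannot read.
        find "$dir" -type f ! -perm -0004 -exec printf 'UNREADABLE %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Apply the modes from the message: 0701 on directories, 0604 on files.
harden_webdir() {
    find "$1" -type d -exec chmod 0701 {} \;
    find "$1" -type f -exec chmod 0604 {} \;
}

# Demo on a constructed tree; runs only when invoked as: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    mkdir -p "$tmp/web/img"
    echo '<html></html>' > "$tmp/web/index.html"
    chmod -R 777 "$tmp/web"          # the state described in the question
    echo "before:"; audit_webdir "$tmp/web" || true
    harden_webdir "$tmp/web"
    echo "after:"; audit_webdir "$tmp/web" && echo "clean"
    rm -rf "$tmp"
fi
```

Every directory above the web tree, including the home directory itself, also needs the other-execute bit for Apache to traverse it; this check covers only the tree it is given.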

