LinuxQuestions.org
Old 04-14-2011, 01:37 PM   #1
evermore
LQ Newbie
 
Registered: Apr 2011
Posts: 7

Rep: Reputation: 0
permission with lighttpd, linux permission...


I am running lighttpd on a Linux Fedora server, and my problem is this:

I have an index.php that accesses a file called hit.txt. It's just a text counter.

The problem is that you can go to mydomain.com/hit.txt to access this text file, and I don't want that.

I can restrict the URL in the lighttpd config, but what if I have a thousand files like this? Typing in every file name would be tedious.

Current permissions:
-rw-rw---- 1 root lighttpd 2 2011-04-13 21:27 hit.txt
-rwxrw---- 1 root lighttpd 1211 2011-04-02 12:05 index.php


The lighttpd user is lighttpd. If I want lighttpd to read and write hit.txt, then an outside user can guess and display hit.txt (slim chance of guessing the name, but the main point is fixing this weird thing).
I've searched and read a lot about Apache server permissions and cannot find an answer to this.
 
Old 04-14-2011, 05:53 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,526

Rep: Reputation: 1503
Hi,

In Apache you can forbid access to .txt files using FilesMatch or mod_rewrite, and the same goes for lighttpd.
I'm not very familiar with lighttpd rewrite, so here is the equivalent of FilesMatch:
Code:
# Requires mod_access; the empty string matches every URL inside this condition.
$HTTP["url"] =~ "(.*)\.txt$" {
    url.access-deny = ( "" )
}
Regards
 
Old 04-15-2011, 12:11 AM   #3
evermore
LQ Newbie
 
Registered: Apr 2011
Posts: 7

Original Poster
Rep: Reputation: 0
I realize that,

but say I have 1000 files like hit.txt,
but all with different extensions?

I don't have time to restrict every extension...


Any other fix?
 
Old 04-15-2011, 12:13 AM   #4
lupusarcanus
Senior Member
 
Registered: Mar 2009
Location: USA
Distribution: Arch
Posts: 1,022
Blog Entries: 19

Rep: Reputation: 146
I assume if you restrict the directory that those files are in it will restrict access to any relevant subdirectories.

This is only an assumption, however, so beware.
 
Old 04-15-2011, 01:42 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,526

Rep: Reputation: 1503
@OP

File permissions are not going to work, because if a file with read permissions exists in the docroot, apache can serve it to the client.

You could forbid access to any file except php, html, images (.jpg, .png) and others I cannot think of at the moment.
Or, using rewrite, forbid everything unless the referrer is a php file.

Another way is to move those files outside the document root, into a directory where lighttpd has write permissions. But this implies changes in the php code of the php files that rely on those files.
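
An added example, not part of the original thread: a Python script that models the two policies discussed above, the `.txt` denylist from post #2 and the extension allowlist from post #5, against a constructed docroot and reports which URL paths stay reachable under each. It models the rules rather than running lighttpd; the file names other than `hit.txt` and `index.php`, and all function and variable names, are assumptions.

```python
import os
import re
import tempfile

# Allowlist taken from post #5 (php, html, jpg, png); extend it for your site.
SERVABLE = re.compile(r"\.(php|html|jpg|png)$", re.IGNORECASE)
# Denylist equivalent to the rule in post #2.
DENIED = re.compile(r"\.txt$")


def url_paths(docroot):
    """Yield the URL path of every regular file under docroot."""
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            rel = os.path.relpath(os.path.join(base, name), docroot)
            yield "/" + rel.replace(os.sep, "/")


def still_reachable(docroot, policy):
    """Return the URL paths a client can still fetch under a policy.

    "denylist": everything is served except what DENIED matches.
    "allowlist": nothing is served except what SERVABLE matches.
    """
    paths = sorted(url_paths(docroot))
    if policy == "denylist":
        return [p for p in paths if not DENIED.search(p)]
    if policy == "allowlist":
        return [p for p in paths if SERVABLE.search(p)]
    raise ValueError("unknown policy: " + policy)


def build_sample_docroot():
    """Constructed sample tree: one script plus the data files it writes."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel in ("index.php", "hit.txt", "data/visits.dat", "data/users.csv"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("0\n")
    return root


if __name__ == "__main__":
    root = build_sample_docroot()
    for policy in ("denylist", "allowlist"):
        print(policy, still_reachable(root, policy))
```

Pointing `still_reachable` at a real document root with the "denylist" policy lists the data files that would need either a deny rule or a move outside the docroot.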
 
Old 04-15-2011, 12:23 PM   #6
Bodi
LQ Newbie
 
Registered: Jul 2009
Posts: 25

Rep: Reputation: 2
Usually when you do not allow public read access, like you did:
-rw-rw---- 1 root lighttpd 2 2011-04-13 21:27 hit.txt
-rwxrw---- 1 root lighttpd 1211 2011-04-02 12:05 index.php

This means that only the user/group members will be able to read this file. You do not have public read permissions set on these files, so they should not be able to be opened by a browser; you should get an error.

Forbidden

You don't have permission to access /hit.txt on this server.
 
Old 04-16-2011, 01:34 AM   #7
evermore
LQ Newbie
 
Registered: Apr 2011
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Bodi
Usually when you do not allow public read access, like you did:
-rw-rw---- 1 root lighttpd 2 2011-04-13 21:27 hit.txt
-rwxrw---- 1 root lighttpd 1211 2011-04-02 12:05 index.php

This means that only the user/group members will be able to read this file. You do not have public read permissions set on these files, so they should not be able to be opened by a browser; you should get an error.

Forbidden

You don't have permission to access /hit.txt on this server.

When a user accesses mydomain.com, the Linux user is "lighttpd", thus it's in the group, therefore you can do mydomain.com/hit.txt.

I've tested it quite a few times and got annoyed with it, so I remember it very clearly xD
 
  


All times are GMT -5. The time now is 08:26 AM.
