LinuxQuestions.org
Old 10-03-2007, 02:48 PM   #1
namit
Member
 
Registered: Aug 2005
Distribution: Debian
Posts: 355

Rep: Reputation: 30
Keeping people out of my files


So at present people can view files in my public_html but not my home dir, but my question is: where can I keep website configuration files without people seeing them?

Quote:
/home/namit/
drwx--x--x 14 namit website 4096 2007-10-03 20:25 namit

/home/namit/public_html
drwxr-x--- 22 namit website 4096 2007-09-29 16:55 public_html
So I log in as someone else and I get this...

test@mailman:/home/namit$ ls -la
ls: .: Permission denied

Great, I do not want anyone to see my files in home.

Quote:
test@mailman:/home/namit$ cd public_html
test@mailman:/home/namit/public_html$ ls -la
drwxr-x--- 3 namit website 4096 2006-11-02 11:35 password_files
I have to leave this open for reading so that PHP (or www-data) can access it for SQL setup and some functions I use, but I do not want anyone to view these.

Any suggestions?
 
Old 10-03-2007, 03:05 PM   #2
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 556
Look into .HTACCESS file usage (assuming this is running on Apache) and I think you may find your solution.

EDIT - is this so BROWSERS can't access and see the files, or is it so USERS OF THE MACHINE cannot see them?? Please clarify. My first advice is to prevent people from BROWSING via the www.

Last edited by GrapefruiTgirl; 10-03-2007 at 03:06 PM.
 
Old 10-03-2007, 04:13 PM   #3
namit
Member
 
Registered: Aug 2005
Distribution: Debian
Posts: 355

Original Poster
Rep: Reputation: 30
No, it's to stop users from doing cat /home/namit/passwordfile or even /home/namit/public_html/passwordfile and still give the www-data user access to it (but not let other users write a script to view my password files).

Is there some way that I can lock people out of my home directories and not have to read anything?

Thanks
 
Old 10-03-2007, 04:34 PM   #4
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 556
If I'm understanding you correctly, this sounds simply like a file-system permissions issue. I mean, if each USER has their own user account, and RWX permissions are only available to THAT USER, then I don't see how any other user can get in there and read the files, or do anything else to them either...

You could implement things like chroot-jails or _basedir_ restrictions, but it *sounds* like a filesystem issue. Again, I apologize if I am missing the point-- maybe I should sit back and see if any other ideas float in..

Last edited by GrapefruiTgirl; 10-03-2007 at 04:36 PM.
 
Old 10-03-2007, 06:14 PM   #5
namit
Member
 
Registered: Aug 2005
Distribution: Debian
Posts: 355

Original Poster
Rep: Reputation: 30
So the problem really is: where can I store my password files for SQL connections and the like that allows www-data to read them but does not allow jimmy (the second account) to come along and just do

<?php
// This will print out the content of the password file.
system("cat /home/namit/passwd_file");
?>
 
Old 10-03-2007, 06:22 PM   #6
Poetics
Senior Member
 
Registered: Jun 2003
Location: California
Distribution: Slackware
Posts: 1,181

Rep: Reputation: 49
If you and jimmy are both members of the "user" group and the directory and/or file has +r access for the group "user", you're going to see this type of behavior -- after all, that's exactly what the permission says: anyone in group "user" can read this file.

Do a few "ls -l" commands and make sure you have the permissions you'd like.
 
Old 10-04-2007, 03:08 AM   #7
namit
Member
 
Registered: Aug 2005
Distribution: Debian
Posts: 355

Original Poster
Rep: Reputation: 30
Just wondering what permissions should I put on my public_html? Because if it's 750 as I have it at the moment, other users can view my password files.
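
The permission question in posts #5 to #7, as an added example that is not part of the thread: a small shell audit that applies the owner/group/other rule from post #6 to the file and to every directory on the path to it. It assumes GNU stat and ignores ACLs and root; the directory modes are the ones shown in post #1, while `db.conf`, its 640 mode and the helper names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Applies classic POSIX mode bits only:
# no ACLs, no root override. Requires GNU stat.

# perm_bits USER "GROUP LIST" PATH -> prints the rwx digit (0-7) that applies.
perm_bits() {
    local user="$1" groups="$2" path="$3" owner group mode sh_by
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    mode=$(( 0$(stat -c '%a' "$path") ))      # leading 0 = parse as octal
    if [ "$user" = "$owner" ]; then
        sh_by=6                               # owner class is used exclusively
    else
        case " $groups " in
            *" $group "*) sh_by=3 ;;          # member of the path's group
            *)            sh_by=0 ;;          # everyone else
        esac
    fi
    echo $(( ($mode >> $sh_by) & 7 ))
}

# can_read USER "GROUP LIST" FILE BASE -> exit 0 if USER can read FILE.
# Needs r on FILE and x on every directory from its parent up to BASE.
can_read() {
    local user="$1" groups="$2" file="$3" base="$4" dir
    [ $(( $(perm_bits "$user" "$groups" "$file") & 4 )) -ne 0 ] || return 1
    dir=$(dirname "$file")
    while :; do
        [ $(( $(perm_bits "$user" "$groups" "$dir") & 1 )) -ne 0 ] || return 1
        if [ "$dir" = "$base" ] || [ "$dir" = "/" ]; then return 0; fi
        dir=$(dirname "$dir")
    done
}

# make_layout DIR: recreate post #1's directory modes under a scratch DIR.
# db.conf and its 640 mode are constructed for this example.
make_layout() {
    mkdir -p "$1/namit/public_html/password_files"
    echo 'db_password=placeholder' > "$1/namit/public_html/password_files/db.conf"
    chmod 711 "$1/namit"
    chmod 750 "$1/namit/public_html" "$1/namit/public_html/password_files"
    chmod 640 "$1/namit/public_html/password_files/db.conf"
}
```

On a real system, pass an account's actual group list, for example `can_read jimmy "$(id -Gn jimmy)" FILE /home/namit`. The check covers filesystem permissions only, so a script that the web server executes as www-data passes whatever check www-data passes.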
 
  

