To start out, let me show you an excerpt of a ls -la in my /var/www/html:
drwxrwxr-x+ root root ./
drwxr-xr-x root root ../
drwxrwx---+ apache licenseGrp encrypt/
I believe that the bottom line is that the (+) in my permissions is causing some really strange things to happen. Everywhere else on my machine (such as one level up in /var/www), the (+) is absent, and things run as expected: everyone can read, but only root can write to the directory.
I could assume this is some sort of 'feature' in Linux: right now, everyone can write to /var/www/html even though no one (save 'root') should. It hasn't bothered me in the past, mostly because I didn't care. However, I need to get this figured out for many reasons (security mainly), but also because:
I have a user 'license' which is the only authorized user on my system to create software licenses. I have a webpage set up where an authorized user can input license information, and in turn will run (EDIT:) `sudo -u license /home/license/encrypt`. (/EDIT) In theory, this 'encrypt' script will grab an unencrypted license file in /var/www/html/encrypt, encrypt it, and then overwrite it to that same directory. The problem is, user 'license' CANNOT write to that directory, even though it is part of webadminGrp! Not only that, but it cannot write to ANY directory in /var/www/html! On the other hand, I (user 'evlach') am also part of licenseGrp, and CAN write to the directory, as well as /var/www/html.
I could go on with the abnormalities, but I'll leave you with that to ponder. Does anyone have ANY insight as to what could be the ding-dong-deal?
There's a lot of stuff in there that I don't understand yet; I have a lot of researching to do. But all of this is putting me on the right track, thanks. If you have any more thoughts/hints, I'm all ears. I'll get to work on this and report back.
The rest of my directories are either user_u:object_r:httpd_sys_content_t or root:object_r:httpd_sys_content_t. I'm not quite sure what that means, I'll be looking into it.
Sorry, I forgot to have you do a sestatus.
Also look in /etc/selinux/policies/ (or something close to that) and look at the httpd policy for SELinux. If you want to test to see if it is SELinux the fast way, edit /etc/selinux/config to say disabled instead of enabled and then reboot. That will disable SELinux for a short time to test it. If it is not firewalled or sitting behind a firewall, I would disconnect the network cable for that test just to be safer.
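The (+) after the mode bits in the first post's listing marks a POSIX ACL on the entry, and with an ACL present a named user entry is checked before any group membership. The Python below is an added example, not part of any post in this thread: it applies the acl(5) access check to getfacl-style text. The ACL contents and the function names are constructed for illustration and are not the poster's actual ACL.

```python
# Added example: POSIX ACL access check (acl(5)) over getfacl-style text.
# SAMPLE_GETFACL is constructed for illustration; it is not the poster's real ACL.
SAMPLE_GETFACL = """\
# file: var/www/html/encrypt
# owner: apache
# group: licenseGrp
user::rwx
user:license:r-x
group::rwx
group:webadminGrp:rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (owner, group, entries); each entry is (tag, qualifier, perm set)."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            entries.append((tag, qualifier, set(perms[:3]) - {"-"}))
    return owner, group, entries

def acl_allows(text, user, groups, want):
    """Decide access for a non-root process; want is a string such as 'w' or 'rx'."""
    owner, fgroup, entries = parse_getfacl(text)
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), None)

    def capped(perms):  # the mask limits every entry except owner and other
        return perms if mask is None else perms & mask

    if user == owner:  # 1. owning user entry decides
        return want <= next(p for t, q, p in entries if t == "user" and q == "")
    for t, q, p in entries:  # 2. a named user entry beats any group entry
        if t == "user" and q == user:
            return want <= capped(p)
    matched = [p for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and fgroup in groups))]
    if matched:  # 3. any one matching group entry may grant the request
        return any(want <= capped(p) for p in matched)
    return want <= next(p for t, q, p in entries if t == "other")  # 4. other
```

Feeding it the real output of `getfacl` for a directory shows which entry decides for a given user and group list. SELinux is a separate check applied on top of this result, and root bypasses the ACL check entirely.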