LinuxQuestions.org


Neo-Leper 06-27-2007 12:54 AM

/var Permissions
 
I have apache2 set up in /var/www/. I also have other things set up in the /var to run a private server as well as php scripts, etc.

I had a hard time getting Zina to work correctly. I tried everything and then played around with the permissions of /var and now Zina works fine. But I am worried that I set the permissions to something I should not have.

The server I have is set to listen to localhost:80. It can't be accessed from the internet.

Now what I want to make sure is secure is this. What permissions would be safe to use for this folder? I am right clicking the folder in Ubuntu 7.04 and changing the permissions that way.

The most important one I want to make sure is secure and set correctly is the others option in permissions. I am also applying them to all folders and files in the /var directory.

Any help or suggestions would be greatly appreciated.

jschiwal 06-27-2007 02:45 AM

You aren't supplying any details. Which directories in /var/www do you need to change? It looks like you are applying too wide of a brush.

Neo-Leper 06-27-2007 03:00 AM

Quote:

Originally Posted by jschiwal
You aren't supplying any details. Which directories in /var/www do you need to change? It looks like you are applying too wide of a brush.


Yeah I know but I did a broad change. /var and all folders and files under it. I think I finally got it changed the way I need to.

What I am now wondering is this. What permissions should;

/var/lib/
/var/lib/php5/
/var/mysql/
/var/apache2/
/var/www/
/var/run/

I think that covers the ones I need to make sure of.


As far as a general permission setting just for the folder /var what should that be? I may have to go and change each folder one at a time in there soon and make sure all the folders are ok.

(If you can't tell, I am new to permissions and should have known better than to play around with them without further researching it.)

jschiwal 06-27-2007 03:24 AM

Code:

ls -ld /var/lib/ /var/lib/mysql /srv/www /var/run
drwxr-xr-x  5 root  root  4096 2007-05-25 11:28 /srv/www
drwxr-xr-x 45 root  root  4096 2007-06-26 09:05 /var/lib/
drwxr-xr-x  4 mysql mysql 4096 2007-05-30 04:21 /var/lib/mysql
drwxr-xr-x 22 root  root  4096 2007-06-27 02:53 /var/run

I removed some SuSE specific and /var/tmp/* directories. These are the directories that aren't "drwxr-xr-x":
Code:

drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/init.d
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/cache
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/logs
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/scripts
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/files
drwx------ 5 root root 4096 May 25 11:42 /var/adm/backup
drwxrwxr-t 5 root uucp 4096 Jun 27 01:07 /var/lock
drwxrwxrwx 2 root root 4096 Jun 23 04:30 /var/cache/mms
drwx------ 2 root root 4096 Nov 25  2006 /var/cache/multipath
drwxrwxr-x 2 root lp 4096 Jun 20 04:27 /var/cache/cups
drwxrwxr-x 2 root man 4096 Nov 25  2006 /var/cache/susehelp
drwx------ 3 beagleindex beagleindex 4096 May 25 11:56 /var/cache/beagle/.beagle
drwxrwxrwt 5 root root 4096 Jun 26 08:00 /var/cache/fonts
drwxrwxrwt 4 root root 4096 May 26 03:06 /var/cache/fonts/source
drwxrwxrwt 3 jschiwal users 4096 May 26 03:06 /var/cache/fonts/source/lh
drwxrwxrwt 2 jschiwal users 4096 May 26 03:06 /var/cache/fonts/source/lh/lh-t2a
drwxrwxrwt 3 jschiwal users 4096 May 25 19:45 /var/cache/fonts/source/jknappen
drwxrwxrwt 2 jschiwal users 4096 Jun  1 03:55 /var/cache/fonts/source/jknappen/ec
drwxrwxrwt 3 root root 4096 Jun  1 03:55 /var/cache/fonts/tfm
drwxrwxrwt 3 jschiwal users 4096 Jun  1 03:55 /var/cache/fonts/tfm/jknappen
drwxrwxrwt 2 jschiwal users 4096 Jun  1 03:55 /var/cache/fonts/tfm/jknappen/ec
drwxrwxrwt 4 root root 4096 Jun  1 03:56 /var/cache/fonts/pk
drwxrwxrwt 3 jschiwal users 4096 Jun  1 03:56 /var/cache/fonts/pk/lexmarks
drwxrwxrwt 3 jschiwal users 4096 Jun  1 03:56 /var/cache/fonts/pk/lexmarks/jknappen
drwxrwxrwt 2 jschiwal users 4096 Jun  1 03:56 /var/cache/fonts/pk/lexmarks/jknappen/ec
drwxrwxrwt 4 jschiwal users 4096 May 26 03:06 /var/cache/fonts/pk/ljfour
drwxrwxrwt 3 jschiwal users 4096 May 26 03:06 /var/cache/fonts/pk/ljfour/lh
drwxrwxrwt 2 jschiwal users 4096 May 26 03:06 /var/cache/fonts/pk/ljfour/lh/lh-t2a
drwxrwxrwt 3 jschiwal users 4096 May 25 19:46 /var/cache/fonts/pk/ljfour/jknappen
drwxrwxrwt 2 jschiwal users 4096 Jun  1 03:55 /var/cache/fonts/pk/ljfour/jknappen/ec
drwxr-x--- 2 wwwrun root 4096 Nov 25  2006 /var/cache/apache2
drwxrwxr-x 2 games games 4096 May 25 11:41 /var/games
drwxrwxrwx 4 root root 4096 Jun 23 04:25 /var/lib/mms
drwxr-x--- 2 jschiwal jschiwal 4096 Jun 23 04:25 /var/lib/mms/movies
drwxrwxrwx 2 root root 4096 Apr 20 16:30 /var/lib/mms/playlists
drwx------ 2 root root 4096 Nov 25  2006 /var/lib/pam_devperm
drwx------ 3 root root 4096 May 25 11:37 /var/lib/xdm/authdir
drwx------ 2 root root 4096 Jun 23 19:22 /var/lib/xdm/authdir/authfiles
drwx------ 2 root root 4096 Nov 25  2006 /var/lib/nfs/sm
drwx------ 2 root root 4096 Nov 25  2006 /var/lib/nfs/sm.bak
drwxrwx--T 2 root gdm 4096 Jun 23 19:18 /var/lib/gdm
drwxrwx--- 2 root users 4096 May 14 07:23 /var/lib/samba/profiles
drwxr-x--- 2 root root 4096 Jun  6 04:44 /var/lib/samba/winbindd_privileged
drwxrwx--T 2 root users 4096 May 31 03:37 /var/lib/samba/usershares
drwxrwxr-x 9 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/W32X86
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/x64
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/W32PPC
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/IA64
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/W32MIPS
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/W32ALPHA
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/WIN40
drwxr-xr-t 7 root root 4096 Jun 26 08:00 /var/lib/texmf
drwxr-xr-t 2 root root 4096 Nov 27  2006 /var/lib/texmf/db
drwx--x--x 2 root root 4096 May 25 12:01 /var/lib/YaST2/backup_boot_sectors
drwx------ 2 root root 4096 Nov 25  2006 /var/lib/smpppd
drwxr-x--- 2 root root 4096 May 25 07:03 /var/lib/acpi
drwxr-x--- 2 wwwrun root 4096 Nov 25  2006 /var/lib/apache2
drwx------ 2 mysql mysql 4096 Nov 25  2006 /var/lib/mysql/.protected
dr-xr-xr-x 2 root root 4096 May 25 12:01 /var/lib/zypp/cache/Source.tbNxHP/MEDIA/media.1
dr-xr-xr-x 2 root root 4096 May 29 08:40 /var/lib/zypp/cache/Source.fs92VR/MEDIA/media.1
drwx------ 2 root root 4096 Jun 11 00:24 /var/lib/zypp/db/sources
drwx------ 2 root root 4096 Apr 27 10:12 /var/log/audit
drwxr-x--- 2 news news 4096 May 25 11:53 /var/log/news
drwxr-x--- 2 gdm gdm 4096 Jun 23 04:52 /var/log/gdm
drwxr-x--- 3 root root 4096 May 31 03:37 /var/log/samba
drwx------ 5 root root 4096 May 30 03:54 /var/log/samba/cores
drwx------ 2 root root 4096 May 30 03:54 /var/log/samba/cores/winbindd
drwx------ 2 root root 4096 May 30 03:50 /var/log/samba/cores/smbd
drwx------ 2 root root 4096 Jun 16 10:36 /var/log/samba/cores/nmbd
drwx------ 3 root root 4096 Jun 27 01:44 /var/log/YaST2
drwxr-x--- 2 root dialout 4096 Nov 25  2006 /var/log/smpppd
drwx------ 2 root root 4096 Mar 26 10:24 /var/log/krb5
drwxr-x--- 2 root root 4096 Nov 25  2006 /var/log/apache2
drwx------ 5 root root 4096 Jun  4 23:59 /var/log/apparmor
drwx--x--- 2 postfix maildrop 4096 Jun 23 19:22 /var/spool/postfix/public
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/flush
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/corrupt
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/hold
drwx-wx--- 2 postfix maildrop 4096 Jun 26 23:59 /var/spool/postfix/maildrop
drwx------ 2 postfix root 4096 Jun 26 23:59 /var/spool/postfix/incoming
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/bounce
drwx------ 2 postfix root 4096 Jun 26 23:59 /var/spool/postfix/active
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/saved
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/trace
drwx------ 2 postfix root 4096 Jun 23 19:22 /var/spool/postfix/private
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/deferred
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/defer
drwx--x--- 3 root lp 4096 Jun 23 17:43 /var/spool/cups
drwxrwx--T 2 root lp 4096 Jun 27 00:21 /var/spool/cups/tmp
drwx------ 4 root root 4096 Apr 17 08:16 /var/spool/cron
drwx------ 2 root root 4096 Jun  4 06:17 /var/spool/cron/tabs
drwxrwxrwt 2 root root 4096 Jun 27 00:09 /var/spool/mail
drwxrwx--- 2 mail mail 4096 Nov 25  2006 /var/spool/clientmqueue
drwx------ 2 at at 4096 Nov 28  2006 /var/spool/atspool
drwx------ 2 at at 4096 May 25 11:41 /var/spool/atjobs
drwxr-x--- 2 jschiwal root 4096 Jun 23 19:22 /var/run/xdmctl/dmctl-:0
drwxr-x--- 2 root root 4096 Jun 23 19:22 /var/run/xdmctl/dmctl
drwxrwxrwt 2 root root 4096 Jun 23 14:20 /var/run/uscreens
drwx------ 2 root root 4096 Mar 27 05:53 /var/run/NetworkManager
dr-x--x--x 2 lp sys 4096 Jun 27 00:21 /var/run/cups/certs
drwx------ 2 root root 4096 Nov 27  2006 /var/run/agentx
drwxr-x--- 2 root dialout 4096 Nov 25  2006 /var/run/smpppd
drwx------ 4 root root 4096 Jun 26 01:42 /var/run/sudo
drwx------ 2 root root 4096 Jun 26 01:43 /var/run/sudo/gues
drwx------ 2 root root 4096 Jun 27 02:49 /var/run/sudo/jschiwal
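
One way to produce a listing like the one above on your own system and to pick out the entries that deserve a second look after a recursive permission change. This is an added example, not part of the original thread; the function names are illustrative and the script only reads modes, it changes nothing.

```shell
#!/usr/bin/env bash
# Added example: audit directory and file modes under a tree (default: /var).
# Function names are illustrative; nothing here changes any permissions.

# Directories whose mode is not exactly 0755, printed like `ls -ld`,
# i.e. the kind of listing shown in the post above.
non_default_dirs() {
    find "${1:-/var}" -xdev -type d ! -perm 0755 -exec ls -ld {} + 2>/dev/null
}

# World-writable directories without the sticky bit (drwxrwxrwx rather than
# drwxrwxrwt): any local user may delete or replace files owned by others.
ww_no_sticky() {
    find "${1:-/var}" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# World-writable regular files, a typical result of a recursive "others: write".
ww_files() {
    find "${1:-/var}" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# Run the report only when a directory is given: ./audit.sh /var
if [ "$#" -gt 0 ]; then
    echo "== directories that are not drwxr-xr-x =="; non_default_dirs "$1"
    echo "== world-writable directories without sticky bit =="; ww_no_sticky "$1"
    echo "== world-writable files =="; ww_files "$1"
fi
```

Run it as root so that `find` can descend into the `drwx------` directories; comparing the first section against a listing from an untouched install of the same distribution shows which modes were altered.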


Neo-Leper 06-27-2007 03:28 AM

Thank you. I am going to get on this now. I have been sitting here paranoid wondering what I screwed up and how insecure it all was, lol.


All times are GMT -5.