LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-27-2007, 12:54 AM   #1
Neo-Leper
Member
 
Registered: Nov 2006
Posts: 141

Rep: Reputation: 15
/var Permissions


I have apache2 set up in /var/www/ I also have other things set up in in the /var to run a private server as well as php scripts, etc.

I had a hard time getting Zina to work correctly. I tried everything and then played around with the permissions of /var and now Zina works fine. But I am worried that I set the permissions to something I should not have.

The server I have is set to listen to localhost:80 It can't be accessed from the internet.

Now what I want to make sure is secure is this. What permissions would be safe to use for this folder. I am right clicking the folder in Ubuntu 7.04 and changing the permissions that way.

The most important one I want to make sure is secure and set correctly is the others option in permissions. I am also applying them to all folders and files in the /var directory.

Any help or suggestions would be greatly appreciated.
 
Old 06-27-2007, 02:45 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
You aren't supplying any details. Which directories in /var/www do you need to change. It looks like you are applying too wide of a brush.
 
Old 06-27-2007, 03:00 AM   #3
Neo-Leper
Member
 
Registered: Nov 2006
Posts: 141

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by jschiwal
You aren't supplying any details. Which directories in /var/www do you need to change. It looks like you are applying too wide of a brush.

Yeah I know but I did a broad change. /var and all folders and files under it. I think I finally got it changed the way I need to.

What I am now wondering is this. What permissions should;

/var/lib/
/var/lib/php5/
/var/mysql/
/var/apache2/
/var/www/
/var/run/

I think that covers the ones I need to make sure of.


As far as a general permission setting just for the folder /var what should that be? I may have to go and change each folder one at a time in there soon and make sure all the folders are ok.

(If you can't tell, I am new to permissions and should have known better then to play around with them without further researching it.)

Last edited by Neo-Leper; 06-27-2007 at 03:03 AM.
 
Old 06-27-2007, 03:24 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Code:
ls -ld /var/lib/ /var/lib/mysql /srv/www /var/run
drwxr-xr-x  5 root  root  4096 2007-05-25 11:28 /srv/www
drwxr-xr-x 45 root  root  4096 2007-06-26 09:05 /var/lib/
drwxr-xr-x  4 mysql mysql 4096 2007-05-30 04:21 /var/lib/mysql
drwxr-xr-x 22 root  root  4096 2007-06-27 02:53 /var/run
I removed some SuSE specific and /var/tmp/* directories. These are the directories that aren't "drwxr-xr-x"
Code:
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/init.d
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/cache
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/logs
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/scripts
drwx------ 2 root root 4096 Jan 13 23:25 /var/adm/autoinstall/files
drwx------ 5 root root 4096 May 25 11:42 /var/adm/backup
drwxrwxr-t 5 root uucp 4096 Jun 27 01:07 /var/lock
drwxrwxrwx 2 root root 4096 Jun 23 04:30 /var/cache/mms
drwx------ 2 root root 4096 Nov 25  2006 /var/cache/multipath
drwxrwxr-x 2 root lp 4096 Jun 20 04:27 /var/cache/cups
drwxrwxr-x 2 root man 4096 Nov 25  2006 /var/cache/susehelp
drwx------ 3 beagleindex beagleindex 4096 May 25 11:56 /var/cache/beagle/.beagle
drwxrwxrwt 5 root root 4096 Jun 26 08:00 /var/cache/fonts
drwxrwxrwt 4 root root 4096 May 26 03:06 /var/cache/fonts/source
drwxrwxrwt 3 jschiwal users 4096 May 26 03:06 /var/cache/fonts/source/lh
drwxrwxrwt 2 jschiwal users 4096 May 26 03:06 /var/cache/fonts/source/lh/lh-t2a
drwxrwxrwt 3 jschiwal users 4096 May 25 19:45 /var/cache/fonts/source/jknappen
drwxrwxrwt 2 jschiwal users 4096 Jun  1 03:55 /var/cache/fonts/source/jknappen/ec
drwxrwxrwt 3 root root 4096 Jun  1 03:55 /var/cache/fonts/tfm
drwxrwxrwt 3 jschiwal users 4096 Jun  1 03:55 /var/cache/fonts/tfm/jknappen
drwxrwxrwt 2 jschiwal users 4096 Jun  1 03:55 /var/cache/fonts/tfm/jknappen/ec
drwxrwxrwt 4 root root 4096 Jun  1 03:56 /var/cache/fonts/pk
drwxrwxrwt 3 jschiwal users 4096 Jun  1 03:56 /var/cache/fonts/pk/lexmarks
drwxrwxrwt 3 jschiwal users 4096 Jun  1 03:56 /var/cache/fonts/pk/lexmarks/jknappen
drwxrwxrwt 2 jschiwal users 4096 Jun  1 03:56 /var/cache/fonts/pk/lexmarks/jknappen/ec
drwxrwxrwt 4 jschiwal users 4096 May 26 03:06 /var/cache/fonts/pk/ljfour
drwxrwxrwt 3 jschiwal users 4096 May 26 03:06 /var/cache/fonts/pk/ljfour/lh
drwxrwxrwt 2 jschiwal users 4096 May 26 03:06 /var/cache/fonts/pk/ljfour/lh/lh-t2a
drwxrwxrwt 3 jschiwal users 4096 May 25 19:46 /var/cache/fonts/pk/ljfour/jknappen
drwxrwxrwt 2 jschiwal users 4096 Jun  1 03:55 /var/cache/fonts/pk/ljfour/jknappen/ec
drwxr-x--- 2 wwwrun root 4096 Nov 25  2006 /var/cache/apache2
drwxrwxr-x 2 games games 4096 May 25 11:41 /var/games
drwxrwxrwx 4 root root 4096 Jun 23 04:25 /var/lib/mms
drwxr-x--- 2 jschiwal jschiwal 4096 Jun 23 04:25 /var/lib/mms/movies
drwxrwxrwx 2 root root 4096 Apr 20 16:30 /var/lib/mms/playlists
drwx------ 2 root root 4096 Nov 25  2006 /var/lib/pam_devperm
drwx------ 3 root root 4096 May 25 11:37 /var/lib/xdm/authdir
drwx------ 2 root root 4096 Jun 23 19:22 /var/lib/xdm/authdir/authfiles
drwx------ 2 root root 4096 Nov 25  2006 /var/lib/nfs/sm
drwx------ 2 root root 4096 Nov 25  2006 /var/lib/nfs/sm.bak
drwxrwx--T 2 root gdm 4096 Jun 23 19:18 /var/lib/gdm
drwxrwx--- 2 root users 4096 May 14 07:23 /var/lib/samba/profiles
drwxr-x--- 2 root root 4096 Jun  6 04:44 /var/lib/samba/winbindd_privileged
drwxrwx--T 2 root users 4096 May 31 03:37 /var/lib/samba/usershares
drwxrwxr-x 9 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/W32X86
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/x64
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/W32PPC
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/IA64
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/W32MIPS
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/W32ALPHA
drwxrwxr-x 2 root ntadmin 4096 May 14 07:23 /var/lib/samba/drivers/WIN40
drwxr-xr-t 7 root root 4096 Jun 26 08:00 /var/lib/texmf
drwxr-xr-t 2 root root 4096 Nov 27  2006 /var/lib/texmf/db
drwx--x--x 2 root root 4096 May 25 12:01 /var/lib/YaST2/backup_boot_sectors
drwx------ 2 root root 4096 Nov 25  2006 /var/lib/smpppd
drwxr-x--- 2 root root 4096 May 25 07:03 /var/lib/acpi
drwxr-x--- 2 wwwrun root 4096 Nov 25  2006 /var/lib/apache2
drwx------ 2 mysql mysql 4096 Nov 25  2006 /var/lib/mysql/.protected
dr-xr-xr-x 2 root root 4096 May 25 12:01 /var/lib/zypp/cache/Source.tbNxHP/MEDIA/media.1
dr-xr-xr-x 2 root root 4096 May 29 08:40 /var/lib/zypp/cache/Source.fs92VR/MEDIA/media.1
drwx------ 2 root root 4096 Jun 11 00:24 /var/lib/zypp/db/sources
drwx------ 2 root root 4096 Apr 27 10:12 /var/log/audit
drwxr-x--- 2 news news 4096 May 25 11:53 /var/log/news
drwxr-x--- 2 gdm gdm 4096 Jun 23 04:52 /var/log/gdm
drwxr-x--- 3 root root 4096 May 31 03:37 /var/log/samba
drwx------ 5 root root 4096 May 30 03:54 /var/log/samba/cores
drwx------ 2 root root 4096 May 30 03:54 /var/log/samba/cores/winbindd
drwx------ 2 root root 4096 May 30 03:50 /var/log/samba/cores/smbd
drwx------ 2 root root 4096 Jun 16 10:36 /var/log/samba/cores/nmbd
drwx------ 3 root root 4096 Jun 27 01:44 /var/log/YaST2
drwxr-x--- 2 root dialout 4096 Nov 25  2006 /var/log/smpppd
drwx------ 2 root root 4096 Mar 26 10:24 /var/log/krb5
drwxr-x--- 2 root root 4096 Nov 25  2006 /var/log/apache2
drwx------ 5 root root 4096 Jun  4 23:59 /var/log/apparmor
drwx--x--- 2 postfix maildrop 4096 Jun 23 19:22 /var/spool/postfix/public
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/flush
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/corrupt
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/hold
drwx-wx--- 2 postfix maildrop 4096 Jun 26 23:59 /var/spool/postfix/maildrop
drwx------ 2 postfix root 4096 Jun 26 23:59 /var/spool/postfix/incoming
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/bounce
drwx------ 2 postfix root 4096 Jun 26 23:59 /var/spool/postfix/active
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/saved
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/trace
drwx------ 2 postfix root 4096 Jun 23 19:22 /var/spool/postfix/private
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/deferred
drwx------ 2 postfix root 4096 Nov 25  2006 /var/spool/postfix/defer
drwx--x--- 3 root lp 4096 Jun 23 17:43 /var/spool/cups
drwxrwx--T 2 root lp 4096 Jun 27 00:21 /var/spool/cups/tmp
drwx------ 4 root root 4096 Apr 17 08:16 /var/spool/cron
drwx------ 2 root root 4096 Jun  4 06:17 /var/spool/cron/tabs
drwxrwxrwt 2 root root 4096 Jun 27 00:09 /var/spool/mail
drwxrwx--- 2 mail mail 4096 Nov 25  2006 /var/spool/clientmqueue
drwx------ 2 at at 4096 Nov 28  2006 /var/spool/atspool
drwx------ 2 at at 4096 May 25 11:41 /var/spool/atjobs
drwxr-x--- 2 jschiwal root 4096 Jun 23 19:22 /var/run/xdmctl/dmctl-:0
drwxr-x--- 2 root root 4096 Jun 23 19:22 /var/run/xdmctl/dmctl
drwxrwxrwt 2 root root 4096 Jun 23 14:20 /var/run/uscreens
drwx------ 2 root root 4096 Mar 27 05:53 /var/run/NetworkManager
dr-x--x--x 2 lp sys 4096 Jun 27 00:21 /var/run/cups/certs
drwx------ 2 root root 4096 Nov 27  2006 /var/run/agentx
drwxr-x--- 2 root dialout 4096 Nov 25  2006 /var/run/smpppd
drwx------ 4 root root 4096 Jun 26 01:42 /var/run/sudo
drwx------ 2 root root 4096 Jun 26 01:43 /var/run/sudo/gues
drwx------ 2 root root 4096 Jun 27 02:49 /var/run/sudo/jschiwal
 
Old 06-27-2007, 03:28 AM   #5
Neo-Leper
Member
 
Registered: Nov 2006
Posts: 141

Original Poster
Rep: Reputation: 15
Thank you. I am going to get on this now. I have been sitting here paranoid wondering what I screwed up and how insecure it all was, lol.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/wtmp Permissions berzerked Red Hat 3 10-05-2011 02:49 PM
how to set permissions on /var/www? AVD_ZM Linux - Newbie 1 03-04-2007 11:27 AM
proper permissions for /var ? rcorkum Slackware 3 12-08-2006 03:10 PM
Restoring /var permissions? Vinter Linux - Software 1 08-10-2006 09:41 AM
Need help restoring /var permissions Thiink Slackware 1 02-21-2005 05:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration