Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have some web content purchased from a vendor who designs e-commerce solutions. When the development was done they sent me the content on a CD.
There are 3 directories that need to be writeable by the webserver. What is the proper way to set these permissions so that this site is secure but still functional.
Please be detailed as far as group membership ideas as well.
I have some web content purchased from a vendor who designs e-commerce solutions. When the development was done they sent me the content on a CD.
There are 3 directories that need to be writeable by the webserver. What is the proper way to set these permissions so that this site is secure but still functional.
Please be detailed as far as group membership ideas as well.
Thank you,
Brett
Any developer worth his salt should have given you the necessary info on what is required on this issue. If the system is a php/mysql based package I strongly recommend that you implement mod-security into your apache server. Details available at www.modsecurity.org . Personally I would be very cautious with implementation of effectively untried and untested packages with little or no security track record because anything that is not secure will make you very vulnerable.
Thank you for the reply, I'm looking into modsecurity right now.
You're right the developers should be providing me with these details but they haven't been. When I asked them I was told that the subject was beyond the scope of technical support. Needless to say I haven't been happy with them ever since we paid the bill.
If anyone else has any input on this it would be greatly appreciated.
I am no expert on this and have only one such program running on my system but the files that are written to are outside the document root and have 777 permissions. In this scenario you would need to set the configuration files so that they know where to find the files. Having them outside the document root (/var/www) means they are not exposed to or searchable by visitors and those with evil intent. Ownership would be assigned to the apache user.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.