LinuxQuestions.org
Old 04-14-2012, 11:25 PM   #1
spezticle
Member
 
Registered: May 2010
Distribution: Ubuntu 10.04
Posts: 30

Rep: Reputation: 0
Apache file permissions


I was checking my apache server file permissions and I found a lot of files with 777 permissions. This is bad, right?
In the following output, you will see which files have 777 or 755.
I have omitted all of the files that are 644 or 744 to minimize the text to look through.

If I understand correctly, only root really needs permission to any of these files so I should be able to set it all to 000 seeing as how root always has permission anyway, right?

Code:
[23:18:08]root@host:/etc/apache2$ ls -lR |grep "rw"
drwxr-xr-x 2 root root 4.0K 2012-04-14 22:59 conf.d
drwxr-xr-x 2 root root  12K 2012-04-07 00:18 mods-available
drwxr-xr-x 2 root root 4.0K 2012-04-07 00:18 mods-enabled
drwxrwxrwx 3 root root 4.0K 2012-04-14 22:55 sites-available
drwxr--r-- 2 root root 4.0K 2012-04-14 22:58 sites-enabled
-rwxrwxrwx 1 root root 1.1K 2012-04-06 23:18 phpmyadmin.conf
-rw-rw-r-- 1 root root   64 2011-09-06 13:34 suexec.load
lrwxrwxrwx 1 root root 28 2012-03-13 00:41 alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx 1 root root 28 2012-03-13 00:41 alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root 33 2012-03-13 00:41 auth_basic.load -> ../mods-available/auth_basic.load
lrwxrwxrwx 1 root root 33 2012-03-13 00:41 authn_file.load -> ../mods-available/authn_file.load
lrwxrwxrwx 1 root root 36 2012-03-13 00:41 authz_default.load -> ../mods-available/authz_default.load
lrwxrwxrwx 1 root root 38 2012-03-13 00:41 authz_groupfile.load -> ../mods-available/authz_groupfile.load
lrwxrwxrwx 1 root root 33 2012-03-13 00:41 authz_host.load -> ../mods-available/authz_host.load
lrwxrwxrwx 1 root root 33 2012-03-13 00:41 authz_user.load -> ../mods-available/authz_user.load
lrwxrwxrwx 1 root root 32 2012-03-13 00:41 autoindex.conf -> ../mods-available/autoindex.conf
lrwxrwxrwx 1 root root 32 2012-03-13 00:41 autoindex.load -> ../mods-available/autoindex.load
lrwxrwxrwx 1 root root 26 2012-03-13 00:41 cgi.load -> ../mods-available/cgi.load
lrwxrwxrwx 1 root root 30 2012-03-13 00:41 deflate.conf -> ../mods-available/deflate.conf
lrwxrwxrwx 1 root root 30 2012-03-13 00:41 deflate.load -> ../mods-available/deflate.load
lrwxrwxrwx 1 root root 26 2012-03-13 00:41 dir.conf -> ../mods-available/dir.conf
lrwxrwxrwx 1 root root 26 2012-03-13 00:41 dir.load -> ../mods-available/dir.load
lrwxrwxrwx 1 root root 26 2012-03-13 00:41 env.load -> ../mods-available/env.load
lrwxrwxrwx 1 root root 27 2012-03-13 00:41 mime.conf -> ../mods-available/mime.conf
lrwxrwxrwx 1 root root 27 2012-03-13 00:41 mime.load -> ../mods-available/mime.load
lrwxrwxrwx 1 root root 35 2012-04-07 00:18 mod-security.conf -> ../mods-available/mod-security.conf
lrwxrwxrwx 1 root root 35 2012-04-07 00:18 mod-security.load -> ../mods-available/mod-security.load
lrwxrwxrwx 1 root root 34 2012-03-13 00:41 negotiation.conf -> ../mods-available/negotiation.conf
lrwxrwxrwx 1 root root 34 2012-03-13 00:41 negotiation.load -> ../mods-available/negotiation.load
lrwxrwxrwx 1 root root 27 2012-03-13 00:42 php5.conf -> ../mods-available/php5.conf
lrwxrwxrwx 1 root root 27 2012-03-13 00:42 php5.load -> ../mods-available/php5.load
lrwxrwxrwx 1 root root 33 2012-03-13 00:41 reqtimeout.conf -> ../mods-available/reqtimeout.conf
lrwxrwxrwx 1 root root 33 2012-03-13 00:41 reqtimeout.load -> ../mods-available/reqtimeout.load
lrwxrwxrwx 1 root root 30 2012-03-23 21:59 rewrite.load -> ../mods-available/rewrite.load
lrwxrwxrwx 1 root root 31 2012-03-13 00:41 setenvif.conf -> ../mods-available/setenvif.conf
lrwxrwxrwx 1 root root 31 2012-03-13 00:41 setenvif.load -> ../mods-available/setenvif.load
lrwxrwxrwx 1 root root 26 2012-03-13 23:47 ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 2012-03-13 23:47 ssl.load -> ../mods-available/ssl.load
lrwxrwxrwx 1 root root 29 2012-03-13 00:41 status.conf -> ../mods-available/status.conf
lrwxrwxrwx 1 root root 29 2012-03-13 00:41 status.load -> ../mods-available/status.load
lrwxrwxrwx 1 root root 32 2012-04-07 00:18 unique_id.load -> ../mods-available/unique_id.load
drwxrwxrwx 2 root root 4.0K 2012-03-14 00:36 original
-rwxrwxrwx 1 root root 1.1K 2012-04-14 22:34 default
-rwxrwxrwx 1 root root 7.6K 2012-04-14 22:52 default-ssl
-rwxrwxrwx 1 root root  252 2012-04-14 22:33 dl.conf
-rwxrwxrwx 1 root root  252 2012-04-14 22:32 img.conf
-rwxrwxrwx 1 root root  945 2012-03-14 00:36 default
-rwxrwxrwx 1 root root 7.3K 2012-03-14 00:36 default-ssl
lrwxrwxrwx 1 root root 41 2012-04-14 22:55 010-default -> /etc/apache2/sites-available/default
lrwxrwxrwx 1 root root 45 2012-04-14 22:57 015-default-ssl -> /etc/apache2/sites-available/default-ssl
lrwxrwxrwx 1 root root 36 2012-04-14 22:58 020-dl -> /etc/apache2/sites-available/dl
lrwxrwxrwx 1 root root 37 2012-04-14 22:58 025-img -> /etc/apache2/sites-available/img

Last edited by spezticle; 04-14-2012 at 11:27 PM.
 
Old 04-15-2012, 07:25 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
See the following, which will help provide some clarification: http://www.linuxquestions.org/questi...ission-102012/

Most of the files you listed with 777 permissions are links (see the post I referenced above). Others, such as your default, default-ssl, and a few others could be problematic. Normally you want web files to be owned by root and readable but not writeable by others.
 
Old 04-17-2012, 11:33 AM   #3
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 250

Rep: Reputation: 107
Quote:
Originally Posted by spezticle
If I understand correctly, only root really needs permission to any of these files
This is incorrect (unless it was specifically set up that way, which is a bad idea). The recommended and default configuration is to run the web server as a user and group dedicated for that purpose only. On most Linux distros this is something like wwwrun, www or apache. Some also use 'nobody', but this isn't ideal as it may have other uses too. See https://httpd.apache.org/docs/2.2/mo...mmon.html#user and https://httpd.apache.org/docs/2.2/mo...mon.html#group for details.

This means that this user needs to be able to access the files. I'd suggest making the files owned by root and the apache group, and giving the group read permission.
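
Added example, not part of any post in this thread: a shell sketch of the audit and fix the replies describe. It lists world-writable entries while skipping symlinks (which always show as lrwxrwxrwx), then sets root ownership with group read. The function names, the 640/750 modes and the owner:group value are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and the owner:group value passed
# in are assumptions; on Ubuntu the Apache group is www-data.

# Print entries under $1 that are writable by "other". Symlinks are skipped:
# they always list as lrwxrwxrwx and access is decided by the target's mode.
audit_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of world-writable, non-symlink entries under $1.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Apply the ownership suggested in the thread: owner root, group = the web
# server's group, group may read, only the owner may write.
# 640 for files and 750 for directories are this example's choice of modes.
#   $1 = tree to fix, $2 = owner:group (e.g. root:www-data; needs root)
harden_tree() {
    find "$1" ! -type l -exec chown "$2" {} +
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Usage: script.sh audit DIR | script.sh harden DIR OWNER:GROUP
case "${1:-}" in
    audit)  audit_world_writable "$2" ;;
    harden) harden_tree "$2" "$3" ;;
esac
```

Run the audit first and review its output before hardening; restart Apache afterwards to confirm the configuration is still readable by the server.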
 