03-02-2003, 01:52 AM   #1
etherdeath
'Proper' file and directory permissions


I noticed today that my Debian installation has set all the directories off of / to 755. Is this good? Any user of my system is able to FTP in and download almost anything. I'd like to change this, but I'm not sure what programs need these permissions, if any.

Also, I'm using Apache and "public_html" home directories in the user accounts which have to be set to 701 for the web server to be able to view them and the files have to be at least 604, I think, but this also enables any other user to enter another user's public_html directory and download files if they know the file name. Is there a way to avoid this?
 
03-02-2003, 01:55 AM   #2
bulliver
755 permission with a directory just means that non-root people can enter the directory and ls the contents. The permission of the file itself dictates whether they can read/delete/edit/execute it.
 
03-02-2003, 02:05 AM   #3
etherdeath
Original Poster
I understand how directory and file permissions work - what I'm saying is the files themselves are set to readable as well. What I don't know is if they have to be set this way for daemons and other processes to read them. For instance my /etc/passwd file is 644.

As far as the web files are concerned, they do have to be readable so that the web server can read them, but it seems this means any other user can through the file system as well.
 
03-02-2003, 02:07 AM   #4
trickykid
Anyone set up for FTP, you can look into chroot.

This will jail them into whatever is their default home FTP directory, making it so they can't browse any other part of your filesystem.
 
03-02-2003, 02:10 AM   #5
nxny
The way I would do this is create a group, add the webserver user (nobody, if you're running Apache out of the box) to that group. chgrp the files that need to be access controlled to that group. Now change permissions on the folders to 750 and files to 640. I'm assuming that the users here own their files, so they get their permissions from the 'owner' set of permissions.
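
The group-based scheme from the post above, written out as an added example that is not part of the original thread: it applies 750/640 to a web directory and audits for anything still open to "other". The group name `webread`, the function names and the demo tree are assumptions; `www-data` is the Apache user mentioned later in the thread.

```shell
#!/bin/sh
# One-time setup as root (group name "webread" is an assumed placeholder):
#   groupadd webread
#   usermod -aG webread www-data    # then restart Apache so it picks up the group

# lock_down_webdir DIR GROUP
# Hand DIR's tree to GROUP, then set directories to 750 and files to 640.
# find is used instead of chgrp -R / chmod -R so symlinks are never touched.
lock_down_webdir() {
    dir=$1 group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    find "$dir" \( -type d -o -type f \) -exec chgrp "$group" {} + || return 1
    find "$dir" -type d -exec chmod 750 {} + || return 1
    find "$dir" -type f -exec chmod 640 {} + || return 1
}

# world_accessible DIR
# Print every file or directory under DIR that grants r, w or x to "other".
world_accessible() {
    find "$1" \( -type d -o -type f \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# demo: constructed tree using the 701/604 modes from the question; the
# caller's own primary group stands in for "webread" so no root is needed.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/public_html/img"
    echo '<h1>hi</h1>' > "$tmp/public_html/index.html"
    chmod 701 "$tmp/public_html"
    chmod 604 "$tmp/public_html/index.html"
    echo "world-accessible before:"; world_accessible "$tmp/public_html"
    lock_down_webdir "$tmp/public_html" "$(id -g)"
    echo "world-accessible after:";  world_accessible "$tmp/public_html"
    ls -lR "$tmp/public_html"
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Apache also needs search (x) permission on every parent directory, so the home directory above `public_html` must remain traversable by the group or by others.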
 
03-02-2003, 04:24 AM   #6
etherdeath
Original Poster
Thanks, I'll try the group thing. The Apache user is www-data, I think.
 
  

