LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-09-2017, 11:35 PM   #1
unclesamcrazy
Member
 
Registered: May 2013
Posts: 200

Rep: Reputation: 1
Need to implement secure /var/www/html and /usr/lib/cgi-bin in Apache


I have installed apache on my ubuntu. The htdocs folder is in /var/www/html
I am using a cgi script (running in browser) to write files inside multiple directories of /var/www/html.

If I give 755 permission(looks safest because only owner has write permissions) to directories inside /var/www/html then I am not able to write into them using cgi script because cgi script owner is www-data which does not have permission to write into them.

If I give 777 permissions to these directories then everything works fine but this does not look a secure way at all because projects of /var/www/html folder is accessible using browser globally and 777 means anyone can write into them.

What should be the ownership and permissions of /var/www/html and the directories inside /var/www/html, so projects are secured enough and cgi script should be worked fine.

Please help.

Thank You
 
Old 03-10-2017, 12:18 AM   #2
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 525

Rep: Reputation: 95
Hi,

If your installation is standard so the permissions on /var/www/html are 755 and it is own by root:root.
But while Apache runs it drops the privileges to apacha:apache, who does not have rights to write to the folder.
This is by design and on purpose.

Why do you want to allow a cgi script to write to /var/www/html/ ?
If your web site is compromised the attacker can then arbitraily alter/modify/add anything wanted in your web site.
And you do not want that? Do you?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Giving Access to /var/www/cgi-bin without typing root password zak100 Linux - Newbie 5 09-18-2014 12:27 AM
Nginx + Apache. Always get /var/www/html/index.html angryrabbit Linux - Server 1 11-27-2011 04:56 PM
Permissions of web server folders(cgi-bin, var/www/html) niner710 Linux - Newbie 14 05-14-2008 10:54 AM
why can't create a folder in /usr/lib/cgi-bin adam_ant Linux - Software 2 12-07-2005 05:05 AM
apache 403 for dir in /var/www/html/ m3rajk Linux - Networking 7 10-11-2005 01:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration