Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-12-2005, 11:25 AM
|
#1
|
Member
Registered: Mar 2005
Location: berlin
Distribution: Redhat 9, Fedora 3
Posts: 70
Rep:
|
security considerations with 777 on shared host?
I've asked two of my Linux providers about this and neither have responded yet, so let me ask this here:
I have a shared hosting Linux environment (e.g. your normal $4.95 a month Linux account)
and let's say I need to give one directory 777 rights (everybody read/write/execute)
in order to use an SQLite database there or create dynamic PDFs or PHP5 files or whatever.
So, what are the security issues with this exactly?
1. Can OTHER people who have accounts at that shared hosting provider who also have SSH access, can THEY go over into my directory and read/create and delete files? If no, how is this actually prevented (when I create users on local Linux systems, every user can READ basically everywhere, even in /etc for instance).
2. What are the issues from OUTSIDE actually, i.e. via HTTP. I just basically need to make sure that no input from forms is going straight into the database or straight into files that could be created, etc. right?
3. Are there any other issues of setting directories to 777 in shared hosting environments?
4. What if I want a really flexible environment where my PHP files create PHP files on the fly including directories, etc. and I set my WHOLE website to 777. Is there any EXTRA security issues with this over and above setting ONE directory to 777?
Thanks.
|
|
|
08-12-2005, 01:00 PM
|
#2
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
Any file with 777 permissions will be readable, writable, and executable by ANY user on the system.
Any directory with 777 permissions will be readable, writable (files may be renamed/created/deleted) and browsable by ANY user on the system.
Yes, if your directory is 777, someone can delete or edit your files. If one of your PHP scripts is insecure, or one of THEIR PHP scripts is insecure, it is possible that data may be editable or deletable from the internet.
Check out this article for more information: http://www.zzee.com/solutions/linux-permissions.shtml
|
|
|
08-13-2005, 01:17 PM
|
#3
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,989
|
But... it will be accessible to them only if they can get to it.
Most hosting-services are sensible enough to restrict all subscriber files to a single home-directory that is assigned uniquely to them. If your files are not accessible to others, the permissions that you assign to them are much less relevant.
Another factor is how other users would be able to reach them: can they get to a shell, or are they limited to http? If the latter, then what Apache will consent to do is a factor.
Nevertheless... you should assign them appropriately.
|
|
|
08-13-2005, 02:59 PM
|
#4
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
let's say I have SSH access on two accounts to a shared box: user1 and user2.
My html files are in /home/user1/public_html, owned by user user1, group users, permissions 755.
Why couldn't user2 just read the files?
|
|
|
All times are GMT -5. The time now is 01:52 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|