LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page 77 Permission Problem with Upload
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-18-2008, 07:58 AM   #1
olddocks
LQ Newbie
 
Registered: Dec 2006
Posts: 23

Rep: Reputation: 15
77 Permission Problem with Upload

i am very worried about assigning 777 permissions to anything that is uploaded via PHP script. i own a dedicated server running centos with cpanel.

I read somewhere that assigning the apache or nobody ownership to the upload folder is a good security measure. I did try assigning nobody to the upload folder using

Quote:
chown -R nobody uploads
chmod -R 770 uploads
It looks like not working for me. Here is what the problems i have...

Eventhough now apache is only able to write and no world permissions, when i point to http://url/folder the file contents are listed. i dont want anybody to see whats inside the upload folder. It should get forbidden error? isnt it?

i am confused here...

whats the best way of securing upload folders?
 
Old 01-18-2008, 08:37 AM   #2
Acron_0248
Member
 
Registered: Feb 2006
Location: Venezuela
Distribution: Gentoo
Posts: 453

Rep: Reputation: 33
Hi,



I think that you're looking at the wrong place trying to secure your files...


What you should do to avoid the listing of the uploads directory is use a .htaccess file in the uploads folders with any of this directives:

You could use <Limit>:
Code:
<Limit>
Order Deny,Allow
Deny from all
</Limit>
You could use <Directory>:
Code:
<Directory /path_to_folder>
Order Deny,Allow
Deny from all
</Directory>
And, you could use IndexIgnore:
Code:
IndexIgnore *


Regards
Last edited by Acron_0248; 01-18-2008 at 08:38 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftp 550 Permission denied and upload limitation problem jchibbra Linux - Networking 1 02-16-2007 02:25 PM
ftp server with upload permission Gero Linux - Networking 0 11-19-2004 03:38 AM
vsftpd 1.1.3 - Permission Denied on upload garrett7 Linux - Networking 0 09-29-2004 07:49 AM
Vsftp Upload/Download permission acbenny Linux - Networking 7 08-02-2004 03:31 PM
Permission to upload files in Tomcat lagunito LQ Suggestions & Feedback 0 03-19-2004 04:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:59 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration