Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
03-05-2006, 03:48 AM
|
#1
|
|
Member
Registered: Aug 2005
Location: In My Office
Distribution: Fedora, Ubuntu
Posts: 61
Rep: 
|
chmod o+w
Hi,
If i use the command chmod o+w to change permissions of a web folder/file eg httpdocs or index.html does this make that particular file/folder under a security threat?
|
|
|
|
|
03-05-2006, 04:24 AM
|
#2
|
|
Senior Member
Registered: Aug 2005
Posts: 1,755
Rep:
|
Possibly. But the question is, what are you trying to do? Because there is probably a better way to do it.
|
|
|
|
|
03-05-2006, 05:12 AM
|
#3
|
|
Member
Registered: Aug 2005
Location: In My Office
Distribution: Fedora, Ubuntu
Posts: 61
Original Poster
Rep:
|
OK here is the scenario.
Its a webserver running Vhosts. I manage all my domains using Plesk.
When i create a domain and host the website i create a FTP username and password
for the domain owner (also done in plesk)
The domain owner can login with out a problem and they login to their home folder which
would be
/var/www/vhosts/domain.com/
now when the domain owner tries to upload their website into
/var/www/vhosts/domain.com/httpdocs
they get permission errors, that they cannot add files or make changes to the folder.
even to a file within the folder eg
/var/www/vhosts/domain.com/httpdocs/index.html
when i do
chmod o+w /var/www/vhosts/domain.com/httpdocs/
or
chmod o+w /var/www/vhosts/domain.com/httpdocs/index.html
it seems to fix the issue, but i am afrain it could be a security risk
|
|
|
|
|
03-05-2006, 05:52 PM
|
#4
|
|
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290
|
You need to make sure that /var/www/vhosts/domain.com/httpdocs is owned by the domain owner and their user has write permission. You also needto make sure that the user your Web server runs as has read permission (so it can serve the folder). The chmod o+w command makes the directory writeable by other (anyone not the owner/group of the file, though the owner/group probably can write to it too but their permissions are handled separately).
I would suggest googling around for a good tutorial on Unix permissions. There's no reason to make a directory world writeable just so one user can put files into it.
|
|
|
|
|
03-05-2006, 11:27 PM
|
#5
|
|
Member
Registered: Aug 2005
Location: In My Office
Distribution: Fedora, Ubuntu
Posts: 61
Original Poster
Rep:
|
Hi,
Did abit of research and one of the docs i read suggested
chod 0755
Any warnings before using it?
|
|
|
|
|
03-05-2006, 11:42 PM
|
#6
|
|
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290
|
That will give the directory owner rwx permissions, the group r-x permissions, and all others also r-x permissions./ Depending on whether or not /var/www/vhosts/domain.com/httpdocs has correct ownerdship and group ownership this may or may not have the effect you want.
Can you do "ls -ld /var/www/vhosts/domain.com/httpdocs" (no quotes) and tell us which user is supposed to be allowed to write into the directory?
|
|
|
|
|
03-06-2006, 01:58 AM
|
#7
|
|
Member
Registered: Aug 2005
Location: In My Office
Distribution: Fedora, Ubuntu
Posts: 61
Original Poster
Rep:
|
this is for the first domain
drwxr-xr-x 5 user1 psaserv 4096 Mar 5 17:01 /var/www/vhosts/domain1.com/httpdocs/ (made the chmod o+w changes then later did chmod 0755 to test)
drwxr-x--- 4 user2 psaserv 4096 Feb 23 01:04 /var/www/vhosts/domain2.com/httpdocs/ (this is the other domain, user2 cannot make changes)
When command groups is typed, psaserv is not shown
|
|
|
|
All times are GMT -5. The time now is 10:09 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
