LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-05-2006, 10:33 PM   #1
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Rep: Reputation: 15
Uncomfortable security issues with Apache Folder Tree


I'm using Fedora Core 3. But my concern flows way ahead any Fedora distribution (perhaps any distro around)...

I'm using Mantis, a PHP web based bugtracker at home as a task manager and it works really fine. The problem is that the whole folder tree is readable/writable/executable to all users on the system...

drwxrwxrwx mantis/

It has a lot of configs inside it's folder wich has passwords etc. The files are readable/writable/excutable too, to all users on the system.

If I disable rwx permissions for other users (not root), things start to go wrong. If I disable those permissions to the folder, things start to go wrong too...

The same things happen to the phpmyadmin folder inside apache...

By the way, the tree works like this:

mantis = /var/www/html/mantis
phpmyadmin = /var/www/html/phpmyadmin

How can I overcome this problem?

Is Apache meant to be a "one and only user" machine (root)? What if I have a multiuser machine?
 
Old 07-05-2006, 10:49 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
I run my Apache as user:group apache:apache and all of the files under /var/www are owned by apache:apache. rwx permissions are 000 for others, only the apache user and apache group members can access the directory structure.

I'm not running the same apps you are, but it should work since I have read/write access to the required files and directories while not allowing other users access to anything under /var/www

Hope that helps - or at least starts some debate...
 
Old 07-06-2006, 11:48 PM   #3
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Worked perfectly!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Find 100 largest files in folder tree tyreth Linux - General 2 02-07-2006 09:18 AM
Folder Security keysorsoze Linux - Security 2 11-30-2005 09:48 PM
Reboot and folder security. What the...? lowbrow Linux - Security 9 06-20-2005 07:02 PM
Makefile to resursively compile a folder tree yapp Programming 5 06-14-2005 08:51 PM
the bible = the tree of the knowledge of good and evil () Jesus = the tree of life Michael111 General 2 04-14-2004 05:28 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration