-
January 24th, 2005, 04:08 PM
#11
Mind you, I don't have sensitive documents hosted on the server, just html and image files.
Information leakage can cause problems even if you don't think it's important. What may not be important to you may add some more for someone else. Honestly, if there is no reason to see or use it, they shouldn't.
I'm also confused about the differences between read and execute. I know that write allows a user to modify or add a file/directory, but what about read and execute? When a user visits my site and reads a simple html document, isn't the user already executing it? Or does execute only apply to scripts and programs?
It would only apply to scripts and programs. When the user is reading the file they are just looking at it. No where are they modifying or doing anything to the file. It's akin to cat filename.
What permissions and other steps should I take in order to really lock down my site? I just want people who visit my site to have the bare minimums, like accessing and reading simple html documents.
Then only post what you want them to see. The more complex the site, the more risk and the more things you have to do (e.g., stricter access controls, validation checking, etc.)
-
January 24th, 2005, 09:42 PM
#12
I personally prefer to use a group called "web" to do all that dirty work, so everything apache needs access to gets chowned to (for instance) chsh:web, then chmoded to 0750, and Apache runs as Apache:Web. But hey, to each his (or her) own.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
January 25th, 2005, 06:05 AM
#13
Member
Others hav shown their ideas how to solve ur prob..
Im just wanna explain how chmod works. It is mapped in binary.
Mayb, it isn't importante to know this, just for ur info...
r= read
w= write
x= execute
(Binary)
r | w | x (Decimal)
0 | 0 |0 = 0
0 | 0 |1 = 1 (you ticked on x)
0 | 1 |0 = 2 (you ticked on w)
0 | 1 |1 = 3
1 | 0 |0 = 4 (you ticked on r)
1 | 0 |1 = 5
1 | 1 |0 = 6
1 | 1 |1 = 7 (you ticked everything)
So if u assigned chmod 704 filename, it is likely u assigned 111 000 100 for owner, group and others..
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|