OliverScott
Verified User
- Joined
- May 4, 2007
- Messages
- 57
I come from a windows background so you will have to forgive me if I am asking somthing obvious!
Note: This is on a CentOS 4.4 VPS running DA
When I look at the folder permissions for the OS itself most folders are set to 755. For instance:
/etc
/var
/usr
/bin
However /home and all its sub-folders (apart from public_html) is set to 711 which obviously means that a users files are only readable to themselves (other than those in public_html).
If somone uploads a PHP file management script into their webspace and tells it to access the root of the webserver, they are getting a full listing of the system folders, and have read access to things like my exim.conf and cron jobs etc. There isn't anything confidential in them, but this seems rather unprofessional!
I haven't worried about this in the past as all access to the server (via ftp or ssh) was handled by us and not the end user, however I now have to provide ftp access to an end user so would like to 'fix' this issue. I know I could change apache to use suphp, but would prefer not to if I can help it...
Is it possible to change the permissions recursively on the OS 'system folders' such as /etc /var /bin etc so that they are also 711 (or 700 or 750 or whatever is suitable) without breaking things horribly?
Thanks for any suggestions you can make!
Note: This is on a CentOS 4.4 VPS running DA
When I look at the folder permissions for the OS itself most folders are set to 755. For instance:
/etc
/var
/usr
/bin
However /home and all its sub-folders (apart from public_html) is set to 711 which obviously means that a users files are only readable to themselves (other than those in public_html).
If somone uploads a PHP file management script into their webspace and tells it to access the root of the webserver, they are getting a full listing of the system folders, and have read access to things like my exim.conf and cron jobs etc. There isn't anything confidential in them, but this seems rather unprofessional!
I haven't worried about this in the past as all access to the server (via ftp or ssh) was handled by us and not the end user, however I now have to provide ftp access to an end user so would like to 'fix' this issue. I know I could change apache to use suphp, but would prefer not to if I can help it...
Is it possible to change the permissions recursively on the OS 'system folders' such as /etc /var /bin etc so that they are also 711 (or 700 or 750 or whatever is suitable) without breaking things horribly?
Thanks for any suggestions you can make!
