Directadmin apache groups and webadmin script

Easywebdev (New member, joined Oct 31, 2004, 2 messages)
Hi, I've got a few questions about how DirectAdmin installs apache and the secondary groups apache belongs to.

I don't know if any of you are aware of the PHP script webadmin.php - it is a web-based file manager, but you can view ALL files on the system with it.

I got a real wake up call when I ran that on my server.

Now to my question, probably more apache than DirectAdmin. The user apache is in the - root bin daemon sys adm tty disk lp mem kmem wheel mail news uucp man games gopher dip ftp lock nobody users rpm floppy vcsa utmp slocate nscd sshd rpc rpcuser nfsnobody mailnull smmsp pcap xfs named ntp desktop netdump mysql - groups. This allows the webadmin.php script to view (and, if your permissions are not correct, delete/edit) virtually any file on the system.

Surely apache only needs to be in the groups apache, and the users' (hosting account usernames) groups. Does it need to be in the directadmin group? Does it need to be in any of the first block of groups mentioned?

With php installed as an apache module I have had to introduce open_basedir restrictions to stop webadmin.php browsing the whole damned server.

Any DirectAdmin folk or security gurus care to comment on what groups apache NEEDS to belong to? And does DirectAdmin create the apache user and group when installing for the first time?
 
I'm sure your setup is wrong. On my system, the apache user is a member only of the apache group.

There was a thread about directory permissions - concerning the apache_public_html directive in directadmin.conf. A quick search of the forums will get you a few more hits that you will find interesting.
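
A way to check the group membership discussed in this thread, as an added example that is not part of either post and not DirectAdmin code: it reads a group(5)-format file, lists every group in which a given account is a listed member, and reports the ones outside an allowlist. The function names and the sample file are constructed for illustration; the account's primary group comes from the passwd entry and is not covered here.

```shell
#!/bin/sh
# Audit supplementary group membership of a web-server account.
# Input is any file in group(5) format: name:passwd:gid:member,member,...

# supplementary_groups FILE USER -> one group name per line
supplementary_groups() {
    awk -F: -v u="$2" '
        {
            n = split($4, m, ",")          # member list is the 4th field
            for (i = 1; i <= n; i++)
                if (m[i] == u) { print $1; break }   # exact match only
        }' "$1"
}

# unexpected_groups FILE USER "ALLOWED GROUPS" -> groups not in the allowlist
unexpected_groups() {
    supplementary_groups "$1" "$2" | while read -r g; do
        case " $3 " in
            *" $g "*) ;;                   # allowed, say nothing
            *) echo "$g" ;;
        esac
    done
}

# Constructed sample data, not taken from a real server.
write_sample_group_file() {
    cat > "$1" <<'EOF'
root:x:0:root,apache
bin:x:1:root,bin,daemon,apache
disk:x:6:root,apache
wheel:x:10:root,apache
mail:x:12:mail,apache2
apache:x:48:
mysql:x:27:apache
users:x:100:
EOF
}

sample=$(mktemp)
write_sample_group_file "$sample"
echo "apache is a listed member of:"
supplementary_groups "$sample" apache
echo "outside the allowlist (apache only):"
unexpected_groups "$sample" apache "apache"
rm -f "$sample"
```

On a live system the same functions can be pointed at /etc/group, with the allowlist set to whatever groups the web server is meant to have.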
 