Keeping user dirs secure

W

wildmanmatt

Verified User
Joined
Nov 2, 2009
Messages
23
Hi,

I have a problem that a couple of my users keep leaving their web dirs at 777.
So, I was thinking of setting up a cronjob to reset all /home/ -R file permissions, but I'm not sure what is the best to set them to...

I know that users are running Joomla, Magento and some basic html sites. Is 655 a safe bet or would that stop some functionality? (such as required PHP form upload scripts?)

Thanks,

Matt
 
Do you run suphp? That would stop them right there :)

Directorys should be: 755
Files should be: 644
 
I don't run suphp, no...I can easily install it though - how would it stop dirs being left at 777? (the problem I have is that someone setup a phishing site on one of my user's sites)

How would a recursive chmod command be used to set directories as one permission and files as another?

Thanks,

Matt
 
Using the find command:

Code: 
find /home/*/domains/*/*_html -type d -exec chmod 755 {} \;
find /home/*/domains/*/*_html -name *.php -type f -exec chmod 644 {} \;

Suphp is great because it executes scripts as the end user instead of the webserver user. Main reason people end up chmodding folders 777 is because the programs like joomla require it to write files. Suphp stops world/group writeable folders because it will basically error out and say that it cannot work until the permissions are changed. Im sure there are other apache mods and stuff out there for greater security. I consider suphp a step forward though.
 
How can I ensure that files within a user's home dir remain owned and in the group of the user with a similar crontab?
 
You must log in or register to reply here.
Back
Top