The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Article Feedback - View all article feedback
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 Permissions map fix
Author: Fedor (Ted) Gnuchev 
Date:   03-09-01 12:40

Thanks for very good article!

You may consider changing to "unique" scheme - with every user
getting personal UID==GID.
Also requires User and Group directives in virtual host sections of httpd.conf and correct suexec installation.

(Apply with a grain of salt :-)

Pros:

- you'll be able to track who's running what instead of anonymous apache user. Trust me, it is helpful :-) if you allow them to run perl scripts and give them freedom to use half of the CPAN modules. Some users will mistake you for jellyhead instead of being grateful for being given "no crippleware" tools.

- users will be unable to break out of 750 permission mask on home dir.

- matches PHP security features - you'll need them to stop abuse: php is as dangerous as any good tool for "cripled" users.

Cons:

- you'll have to take care of adding User and Group to every
virtual host section you have.

- you'll have to make sure suexec is properly installed.

- users will stop telling that you suck after couple of unsuccessuful attempts to break your security scheme :-)

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org