Il giorno Tue, 2 Oct 2007 08:27:40 +0200 Raphael Hertzog <hertzog@debian.org> ha scritto: > Hi, Hi Raphael, > On Tue, 02 Oct 2007, root wrote: > > New world-writables files: > > /srv/alioth.debian.org/chroot/home/groups/debian-med/htdocs/uploads > > /srv/alioth.debian.org/chroot/home/users/gismo/public_darcs > > Who ever added those files, please don't create world-writables > directories/files ... in particular when they are in the public > htdocs area ! Yes, sorry. I'm responsible for the uploads directory in debian-med group. It was a test, and forgot to set the permissions right back, sorry. > Read the "security" section on: > http://wiki.debian.org/AliothWeb I'm gonna read that page, thank you. > I removed the write rights (chmod o-w) for now, please don't put it back > and find another solution to the problem that lead you to create this with > public write rights. Sure. Is there any public directory where www-data has access? (e.g. for uploading files) I've just tried creating an upload/ directory into /home/groups/debian-med/ (a level up the old one), tried to chown www-data:debian-med but didn't work. > Cheers, Thank you, David -- . ''`. Debian maintainer | http://snipurl.com/qa_page/ : :' : Linuxer #334216 | http://www.hanskalabs.net/ `. `'` GPG: 1392B174 | http://www.debianizzati.org/ `- 2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
Attachment:
signature.asc
Description: PGP signature