Re: Report of insecure / suspicious changes

To: David Paleino <d.paleino@gmail.com>
Cc: debian-med@lists.debian.org
Subject: Re: Report of insecure / suspicious changes
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 2 Oct 2007 09:42:24 +0200
Message-id: <[🔎] 20071002074224.GD5236@ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, David Paleino <d.paleino@gmail.com>, debian-med@lists.debian.org
In-reply-to: <[🔎] 20071002110316.3696ef36@matrix>
References: <E1IcYNI-0004Rq-W3@alioth.debian.org> <20071002062740.GA3112@ouaza.com> <[🔎] 20071002110316.3696ef36@matrix>

Hi,

On Tue, 02 Oct 2007, David Paleino wrote:
> > Read the "security" section on:
> > http://wiki.debian.org/AliothWeb
> 
> I'm gonna read that page, thank you.
> 
> > I removed the write rights (chmod o-w) for now, please don't put it back
> > and find another solution to the problem that lead you to create this with
> > public write rights.
> 
> Sure.
> 
> Is there any public directory where www-data has access? (e.g. for uploading
> files)
> 
> I've just tried creating an upload/ directory into /home/groups/debian-med/ (a
> level up the old one), tried to chown www-data:debian-med but didn't work.

Read the page above before asking more questions. :-)

Use ACL for this (man setfacl).

Cheers,
-- 
Raphaël Hertzog

Premier livre français sur Debian GNU/Linux :
http://www.ouaza.com/livre/admin-debian/

Reply to:

References:
- Re: Report of insecure / suspicious changes
  - From: David Paleino <d.paleino@gmail.com>

Prev by Date: Re: Proposal :)
Next by Date: Re: Proposal :)
Previous by thread: Re: Report of insecure / suspicious changes
Next by thread: Help on SVN post-commit
Index(es):
- Date
- Thread