Re: Report of insecure / suspicious changes
Hi,
On Tue, 02 Oct 2007, David Paleino wrote:
> > Read the "security" section on:
> > http://wiki.debian.org/AliothWeb
>
> I'm gonna read that page, thank you.
>
> > I removed the write rights (chmod o-w) for now, please don't put it back
> > and find another solution to the problem that lead you to create this with
> > public write rights.
>
> Sure.
>
> Is there any public directory where www-data has access? (e.g. for uploading
> files)
>
> I've just tried creating an upload/ directory into /home/groups/debian-med/ (a
> level up the old one), tried to chown www-data:debian-med but didn't work.
Read the page above before asking more questions. :-)
Use ACL for this (man setfacl).
Cheers,
--
Raphaël Hertzog
Premier livre français sur Debian GNU/Linux :
http://www.ouaza.com/livre/admin-debian/
Reply to: