
Re: apache, public_html, and security

On 24 Jul 1997, Manoj Srivastava wrote:
> Hi,
> > 	Even if the user's home directory is o-rw, and the public_html
>  directory is o+rx, any other user can still read the files in the
>  public_html directory. (try it)
> 	manoj

	Ok, this is how I have things set up. No one can see in my
directory, even others in the group staff (go-rw). The same thing for my
~/public_html dir and even my personal cgi_bin dir.
	Having things set with these perms keeps local users from looking
at your things, yes, but keep in mind that a local user can look at your
URL, know fairly well that there is an index.html, index.htm or
index.shtml there. Even with these permissions they can cd to your
public_html dir and vi index.html (or index.htm index.shtml) and see other
things you have. Or simply look at the code via the browser. :-)

drwx--x--x  40 adren    staff        3072 Jul 24 12:24 adren
drwx--x--x  27 adren    adren        2048 Jul  9 23:02 public_html  
drwx--x--x   3 adren    adren        1024 May 23 23:34 cgi_bin

	Apache already knows where the dirs are, so they don't need to be
readable by group and others. Just keep in mind that while all this is
fine, nothing in the public_html dir can be kept secret if it is viewable
via the web.
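
The permission behaviour discussed in this thread (a directory with o+x but without o+r can be traversed but not listed, so its o+r files stay readable to anyone who knows their names), as an added example that is not part of the original post: a Python audit that classifies files by their "other" mode bits. The function names, verdict labels and sample layout are constructed for illustration; ACLs are ignored and the directories above the audited root are assumed traversable.

```python
import os
import stat
import tempfile

def audit_other_access(root):
    """Map each regular file under root to what a local user who is neither
    owner nor group member can do with it, judged from mode bits alone.
    Assumes the directories above root are traversable by others."""
    report = {}

    def walk(directory, reachable):
        mode = os.lstat(directory).st_mode
        inside = reachable and bool(mode & stat.S_IXOTH)  # may open entries by name
        listed = reachable and bool(mode & stat.S_IROTH)  # may read the name list
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                walk(path, inside)
            elif stat.S_ISREG(st.st_mode):
                if inside and st.st_mode & stat.S_IROTH:
                    report[path] = "listable" if listed else "readable-by-name"
                else:
                    report[path] = "private"

    walk(root, True)
    return report

def build_sample_home():
    """Constructed layout: 711 directories as in the listing above."""
    home = os.path.join(tempfile.mkdtemp(), "home")
    pub = os.path.join(home, "public_html")
    os.makedirs(pub)
    for rel, mode in (("public_html/index.html", 0o644),  # must be o+r for the web server
                      ("public_html/notes.txt", 0o600),   # owner only
                      ("mail.txt", 0o644)):               # outside the web tree
        path = os.path.join(home, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(pub, 0o711)
    os.chmod(home, 0o711)
    return home

if __name__ == "__main__":
    for path, verdict in sorted(audit_other_access(build_sample_home()).items()):
        print(f"{verdict:18} {path}")
```

Run as the owner of the tree; anything reported as readable-by-name is hidden from `ls` by other local users but opens for anyone who guesses the filename.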
