Re: apache, public_html, and security
On 24 Jul 1997, Manoj Srivastava wrote:
> Hi,
> > Even if the users home directory is o-rw, and the public_html
> directory is o+rx, any other user can still read the files in the
> public_html directory. (try it)
>
> manoj
Ok this is how i have things setup.. No one can see in my
directory even others in the group staff (go-rw). The same thing for my
~/public_html dir and even my personal cgi_bin dir.
Having thing set with these perms keeps local users from looking
at your things yes but keep in mind that a local user can look at your
url, know fairly well that there is an index.html, index.htm or
index.shtml there. even with these permissions they can cd to your
public_html dir and vi index.html (or index.htm index.shtml) and see other
things you have. Or simply look at the code via the browser. :-)
drwx--x--x 40 adren staff 3072 Jul 24 12:24 adren
drwx--x--x 27 adren adren 2048 Jul 9 23:02 public_html
drwx--x--x 3 adren adren 1024 May 23 23:34 cgi_bin
Apache already knows where the dirs are so they don't need to be
readable by group and others. Just keep in mind that while all this is
fine nothing in the public_html dir can be kept secret if it is viewable
via the web.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: