
Re: SOLVED (sort of) - Re: OT: Accessing users' pages on Apache



Once upon a time Hubert Chan said...
> >>>>> "Kent" == Kent West <westk@acu.edu> writes:
> 
> Kent> That did it.
> 
> Kent> But this seems like a fundamental flaw. User's should be
> Kent> restricted (generally speaking) to writing only to their own home
> Kent> directories, so it seems this is the place for them to put their
> Kent> web pages. But opening up their home directories to world execute
> Kent> seems like a bad idea.
> 
> Setting the world execute bit doesn't open your directory that much.  If
> the execute bit is set, and the read bit isn't, other users won't be
> able to list the contents of your directory.  The only way they can
> access a file is if they know the exact file name (and if they have read
> permissions on that file).

The important part here is the last bit: "and if they have read
permissions on that file".

By opening up your home directory by setting world execute permission
(known as "access" permission for directories), you only give the
possibility of anyone getting access to your files. If none of your files
have any group or world permissions set, then none of your files can be
accessed in any way regardless of the access permission on your home
directory.

As far as I know, the only decrease in security here is a small
information leak. If I can guess a filename in your home directory, I
can get the file status, e.g. ls -l ~westk/.bashrc would allow me to
see that you have a .bashrc, its permissions (-rw------- if you are
keeping things tight), owner, group, last access/modification/status
time - but that's it. I cannot look inside ~westk/.bashrc to see its
contents.

Setting your home directory permissions to 700 (drwx------) may give you
a bit of extra safety, but not much in the way of security. It sets up
an "impenetrable" barrier that restricts any access below that point, so
if you were to accidentally leave a file world readable (or worse, world
writable), it could not be seen. However, with a correct umask (077),
that sort of accident should not happen.

If you're still concerned, consider what it means to set up a
public_html directory. You're effectively saying: "here, world, have a
look at these files". You have to open up the path to those files so
the world can see them. Even if you planned to use some access controls
to restrict who can see your web pages, you still need to open it up to
some degree. If you want the web pages to be accessible only by you, you
can run a web server under your user account and close off your home
directory access permissions.

Another alternative is to run the webserver as root, so it can bypass
home directory permissions of 700 (drwx------), but you REALLY REALLY
don't want to do that.

So, it's not a "fundamental flaw", just the minimum necessary to open up
the files you want to serve.

And then there are other alternatives anyway, as already pointed out by
others on this list:
1) A separate hierarchy for user webpages: e.g. /var/www/users/<username>
   with appropriate permissions set there, instead of your home
   directory.
2) Use ACLs to give the user "www-data" (the user under which apache
   runs, not "apache" as I mistakenly mentioned before) permission to
   access your home directory and public_html, without opening it up
   that little bit to the rest of the world.
3) I'll bet the creative members on this list could come up with a
   number 3 (and 4, 5, 6...) but I'll leave it there :-)

I hope this alleviates your concerns somewhat.
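As an added illustration (not from the original post), here is a small Python model of the classic mode-bit checks the post walks through: stat versus read on ~westk/.bashrc behind a 711 or 700 home directory, what www-data can reach under public_html, and what umask 077 does to a new file. The uids, gids and the /, /home, ~westk tree are constructed, and ACLs are not modelled.

```python
# Constructed model of classic Unix mode bits (no ACLs, no root override),
# added to illustrate the post's argument. The uids/gids below are made up.
R, W, X = 4, 2, 1
WESTK, OTHER, WWW_DATA = 1000, 1001, 33  # constructed uid/gid pairs (gid == uid)

def class_bits(entry, uid, gid):
    """rwx triple of (owner, group, mode) that applies to caller (uid, gid)."""
    owner, group, mode = entry
    if uid == owner:
        return (mode >> 6) & 7
    if gid == group:
        return (mode >> 3) & 7
    return mode & 7

def can_traverse(dirs, uid, gid):
    """Every directory on the path must grant search (x) to the caller."""
    return all(class_bits(d, uid, gid) & X for d in dirs)

def can_list(dirs, uid, gid):
    """`ls ~westk`: search on the parents plus read on the last directory."""
    return can_traverse(dirs[:-1], uid, gid) and bool(class_bits(dirs[-1], uid, gid) & R)

def can_stat(dirs, uid, gid):
    """`ls -l ~westk/.bashrc`: search on every directory, nothing on the file."""
    return can_traverse(dirs, uid, gid)

def can_read(dirs, file, uid, gid):
    """`cat ~westk/.bashrc`: search on every directory plus read on the file."""
    return can_traverse(dirs, uid, gid) and bool(class_bits(file, uid, gid) & R)

def apply_umask(umask, requested=0o666):
    """Mode a newly created file gets; 0o666 is the usual creat() request."""
    return requested & ~umask

ROOT, HOME = (0, 0, 0o755), (0, 0, 0o755)   # / and /home, constructed

def home_dir_access(home_mode, file_mode, uid, gid=None):
    """Which of list/stat/read of ~westk/<file> the caller gets."""
    gid = uid if gid is None else gid
    path = [ROOT, HOME, (WESTK, WESTK, home_mode)]
    target = (WESTK, WESTK, file_mode)
    return {"list": can_list(path, uid, gid),
            "stat": can_stat(path, uid, gid),
            "read": can_read(path, target, uid, gid)}

def public_html_readable_by_apache(home_mode=0o711):
    """Can www-data (running Apache) fetch ~westk/public_html/index.html?"""
    path = [ROOT, HOME, (WESTK, WESTK, home_mode), (WESTK, WESTK, 0o755)]
    return can_read(path, (WESTK, WESTK, 0o644), WWW_DATA, WWW_DATA)
```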
