Security :: Folder Permissions To Avoid File Upload By Http User?
Feb 24, 2011
However, configured a website on a dedicated server using WHM/cPanel. The site was uploaded using the master account for the website.
The security issue is public users are able to upload files on to my server via the website. They could even access the root and execute whatever they want on the server.
I have consulted with 2-3 Linux experts. According to them, the PHP user has rights to execute anything on the server or upload & store files in whichever folder they want.
Can I protect my folders to avoid file uploads via the website. The application has security vulnerabilites. However, I want to prevent hackers to enter my site until the vulnerabilities are fixed.
View 2 Replies
ADVERTISEMENT
Jul 23, 2009
Picture the following:On computer A, local user John (and John alone) has rwx access to file1.txtComputer B also has a local user account named John. If file1.txt was to be copied from computer A to computer B, would the user account John on computer B be able to access it?I guess this wouldn't work using two windows computers due to the User name / GUID relationship. Maybe linux has something similar?
View 4 Replies
View Related
Oct 16, 2010
Having to write my user password every time I want to do anything. I DO know I'm doing something risky for the system, that's why I have Linux. Is there a way to avoid to rewrite the password again and again, like start with superuser permissions?
View 2 Replies
View Related
Jul 6, 2010
I have a few FTP users on my linux server(running vsftpd). They all have their own directory and can upload and delete files in that folder.Now, I was wondering whether it would be possible to create special permissions/rights for users. For example, I would like to make it so that certain users could not upload .exe files, or I want a certain user to only be able to upload image files (gif, jpg).
View 2 Replies
View Related
Dec 13, 2010
I'M A NOVICE and some days ago my web server was down (apache issue) and I found the following file called .bash_history in the folder /var/www/ :
cd /tmp
ls
wget [MODERATED]
[code]...
View 3 Replies
View Related
Jun 9, 2009
I have just started using linux. I have setup an ubuntu apache2 server. It has been running brilliantly and I am highly impressed with the Linux system. My box is an HTTP server and I am hosting a website on it. I have VSFTPD installed and functioning as my FTP software. It has worked fine so far but I have been a bit annoyed that I have had to set permissions for each file I have put on there.
Now I have run into a serious issue with the permissions being set to 600 and I really need them to 755 because I am running an automatic upload for a webcam and the Image can't be accessed due to the automatic permissions of 600 being set to the image. My extensive windows background tells me that I need to apply the correct permissions to the WWW folder and get the files to inherit these permissions automatically.
View 1 Replies
View Related
May 28, 2011
I have an Ubuntu development server and a Windows 7 workstation. I use Windows Gvim to edit files on the linux server, over a samba connection.Saving files from Windows change the Linux permissions in weird way depending on the Windows app I'm using and also depending on whether there's a file extension or not.Here are some testsNo extension; Notepad2: 644 to 764
matt@mattserver ~ % ls -l testfile
-rw-r--r-- 1 matt matt 0 2011-05-28 07:09 testfile
--- Save from Windows Notepad2 over network ---
[code]....
View 1 Replies
View Related
Apr 30, 2009
I installed lxadmin and now when I try upload files to my lxadmin users public_html folder I get the following message. Cannot write to `backup.zip' (No space left on device). After checking with df -h i noticed / is full.
Quote:[root@box admin]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 1.5G 1.5G 0 100% /
/dev/sda8 65G 341M 61G 1% /var
/dev/sda7 745M 17M 690M 3% /var/tmp
/dev/sda6 996M 34M 911M 4% /tmp
/dev/sda5 2.4G 1.1G 1.2G 48% /usr
/dev/sda1 99M 27M 67M 29% /boot
tmpfs 1014M 0 1014M 0% /dev/shm
/dev/sdb1 367G 195M 348G 1% /var1
View 5 Replies
View Related
May 4, 2010
I want to host a public FTP on my server, but i cannot get it so that people can read and write but not delete ANYTHING from it.
I have tried:
chown root /home/ftpdir
chmod 1777 /home/ftpdir
but people can still delete the files in it, i have no idea what to do next. that's the only thing i can find on Google about how to do it.
the users are logging in with the same Account, i cannot make a new account for each one.
View 1 Replies
View Related
Jun 13, 2010
have setup a LAMP server with ubuntu 10.04 server edition x86 for my study in VMware Workstation 7.1 For a assignment I had to make a php script that would load a file up to the server and set the name in a mysql database. According to the book the server should set the image in a cryptic folder in the /tmp/ folder.
This isn't working and i also try'd locate and find to find the image i uploaded. I checked the php.ini and file uploads were on but no folder so i set that one to /tmp/ but still no images. Can anyone help me with enabling this function?
View 3 Replies
View Related
Nov 27, 2010
I am new user for redhat linux.I tried to install oracle 10g on rhel 5 using vmware.every time i am getting an error message permission denied
[oracle2 localhost tmp]$ cd database_10201/
[oracle2 localhost database_10201]$ ls
doc install response runInstaller stage welcome.html
[oracle2 localhost database_10201]$ sh r
response/ runInstaller
[oracle2 localhost database_10201]$ sh runInstaller
runInstaller: line 54: /tmp/database_10201/install/.oui: Permission denied
how to give all set of permissions to an user for accessing a folder..
View 1 Replies
View Related
May 24, 2010
I may not be a code worrior, yet I have been a Ubuntu convert from Apple for about 3yrs now. Since 1984-2006 now hackers or viruses. And Until now Ubuntu has been clean, well I have been good with repos, etc.
1. Recently I found "Odd" behavior with my Amarok 1.4 player, ffmpeg, winff.
2. During a Synaptic upgrade there were some "unauthorized changes". I have seen this before due to some of my software, so I ignored it. . .
To my bewilderment, "It" erased Amarok 1.4 player, ffmpeg, winff, all image kernels, claimed domain over my system permissions, and external HD. B4 I shutdown, downloaded LUCID 10.4. . . restarted, then copied over all info possible to minimize a complete delete of my system. Upon restart, indeed all kernel images were gone, Only live CD allowed me access to repartition my HD.
NOW. I have Lucid running, and have been denied access to my external HD and partitioned (internal HD). I used Nautilus to copy over files to my internal laptop HD, yet permissions continue to be an issue. The INFECTED FOLDERS are owned by "User 999-user#999. I must micro manage every folder and file to gain "partial permission". The dialog box stutters and never allows me to go down to "Root"
View 5 Replies
View Related
Feb 22, 2011
Recently I've tried installing Calibre from the Software Centre, but it seemed to be glitching as when I press Update Source, the 'In Progress' icon shows up, but when it finishes nothing changes - the Update Source button is still Should I report this?Anyways, I've installed Calibre from their website to .calibre in Home Folder. However, the folder is 'locked' as it requires root priveleges and I can't drop files there without being the admin. I'd like to reduce 'open as root' files to minimum, so I was wondering if there is a way to change the permissions of all the content in one operation, preferably using GUI, and not the terminal?
In addition I've noticed that other folders in my Home Folder like Pictures/Wallpapers require root privileges. This is really annoying as when I 'experiment' with Ubuntu I use Live CD to make sure I don't screw up the main system. When I do I can't open some files from hard disk because of those root inconsistencies
View 5 Replies
View Related
Nov 27, 2010
I'm a new user for oracle,tried to install oracle 10g on redhat linux 5 but gettinh the same error message. response/ runInstaller [oracle2@localhost database_10201]$ sh runInstaller_runInstaller: line 54: /tmp/database_10201/install/.oui: Permission denied_
how to give full set of permisions to an user in linux to access a folder?
View 1 Replies
View Related
Jan 4, 2011
I have a shared folder set up that allows all users on the computer to have access to all the music on the computer. In the folder with all the music the group 'music' has permission to add and delete files and all users are members of 'music'. This should allow all users to have complete access to these files, however, when I add files to the folder they retain their original permissions and do not take on the permissions of the folder. I could change the permissions of the files to reflect the folder every time I add a cd. But that is annoying. What I am wondering is if there is any way to make files automatically reflect the permissions on the folder they are moved into.
View 3 Replies
View Related
Jun 5, 2010
How do I add root permissions to my user account?
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
View 12 Replies
View Related
Feb 12, 2010
One of my user wants to be able to upload file via browser to the server. For that, i need to grant apache read and write access to a folder. How much secure is allowing apache to grant complete read and write access to a folder ?
View 2 Replies
View Related
Aug 11, 2010
How do I change folder permissions without changing the permissions of the files within the folder?
View 6 Replies
View Related
Mar 19, 2010
I wanna make a small web server for local use , I've installed apache, every thing works fine I'm the root
I wanna protect the folder that contain the htdocs files (www), i don't want any users that not in root group to access (not even read)
I changed the permission of the htdocs folder as next
Owner: www (apache user)
per: creat , delete
group: root
per: creat , delete
other: none
it only works on the main folder that i changed its permissions ! not all sub folders and files ! were my steps right ? and are their anyway to change all folders and files at once ?
View 4 Replies
View Related
Apr 8, 2010
I just added a new user to my ubuntu:
sudo adduser james
When james logs in he access his folder BUT he can also access other user's folders. How can I prevent his access to others? I wish to restrict his account to his folder only (he can read/write).
View 5 Replies
View Related
Nov 21, 2010
I want to have an account (beta user), on which:I can use the Internet and other programs without administrative rights without the right to install programs with a kind of sandbox for everything that is connected to the Internet, which means: everything that is associated with the web browser's processes and files that I save to hard disk I want to be separated from the rest of the system, so that whatever can catch up on this account will be locked in it, for example any (if at all) possible malicious scripts from Internet or whatever may be dangerous now or invented in the future. Sometimes, for example, I save the web page to disk with all it content.
And in case someone cracked into this account I want make it in that way that he could not do any tricks to read or change passwords, or make any other changes to the system. The best would be if a password for that user might serve only to log in without having any other powers, and I would give that user an automatic login. For now I created a beta user without administrative rights. I understand that the limiting rights of the user are associated with limiting rights to their home directory. There are also groups, and a user may be included or excluded. I excluded that user from admin group but I don't know what else I can limit and how. When I give chmod 0644 for /home of this user he cannot run Firefox. When I give him 0740 he can run applications, so I assume the x attribute must be preserved.
This is a user without sudo rights, so when I type sudo apt-get update a message shows up correctly that this user doesn't belong to the sudoers group. But still it's not what I wanted. When the user runs Gufw and wants to change the settings to disable the firewall, a message shows up asking to type in a password of alpha user = primary user, which is that belonging to the sudoers group, the first / main user that I created during system installation. I wish that there was only the message that the beta user has no power to change anything, which means even completely remove the possibility of asking for sudo.
In addition, I wish that this beta couldn't be able to change the permissions to its home directory, or go to see what is above. Because so far beta can change the file permissions for its /home, even without a sudo password. How can I do it? Do I need to create a kind of chroot jail for this user? I would like any changes to that user account could be made only after the user log off from beta account, and log in on alfa account and that beta could run only programs that ware installed by alpha. And that beta could read and write, but alfa could also read and write or remove, alter files on beta account. Basically, alfa account should be superior to beta account. Can do that?
View 9 Replies
View Related
Apr 26, 2011
I've got used to using the ftp command from the terminal, which is useful, especially with macros. But it requires user input, and what I want to do now is upload a specific file to a server, once I've finished working with it every day. It's the same file every day. II would like to be able to do this semi-automatically: I just give the command and it connects to the server and uploads the file. (I will probably want to encrypt the file before uploading it.)I don't know how I could use ftp without any user input: I want it to be automatic.
View 5 Replies
View Related
Jul 16, 2011
look at this : Uploaded with ImageShack.us how can set permissions in linux like this? I want one user can delete files but can't modify them and ... in linux i have 3 group to assign read write and execute them. is ntfs flexible than linux file system?
View 4 Replies
View Related
Nov 18, 2009
I have a server (fedora 11 , LAMP). I want to know if I can upload something to my server via http (I mean from WAN),and this data stream can directly run into MySQL database . Do I need to write some special codes on my web page , or just change apache's configure file
View 7 Replies
View Related
Nov 23, 2010
I opened up my Gimp brushes folder so that I can put a brushes file into the folder. Would not let me do it. Said I am not the owner and do not have permission. I right clicked inside the folder, same thing permissions grayed out, not owner. No apparent option to log in or do anything to gain permission. What can I do?
View 1 Replies
View Related
Jul 7, 2010
I have two users: test1 and test2 When i logged in as test1, I can not change the ownership of a file to test1:test2 it says: Operation not permitted
View 2 Replies
View Related
Jun 13, 2011
I want the LAMP server to present an upload page to the user The user uploads a zip file containing txt files which are tables in clear-text format The server : opens the zip validates the text files (going to skip this for now, but will try to make later) converts the files as here imports them to MYSQL tables All this is supposed to happen automatically, then the user can immediately use the website with the updated data How to implement this (esp. the first part with the zip file)
View 1 Replies
View Related
Jul 28, 2011
I've migrated to Suse from Mandriva. I installed all my backup folders/files to my "home" folder but they have come up locked. I remember in Mandriva to change the permissions I pressed Alt F2 and then entered a command. How do I do it in Suse?
View 8 Replies
View Related
Feb 4, 2010
I am running ubuntu using VirtualBox on a Macbook Pro. I wanted to share my documents folder on the Mac in the virtual machine. I had no issues creating/mounting the share folder on ubuntu. However the file permissions for the shared folder are owned by root.
Code:
drwx------ 1 root root 1088 2010-02-04 10:18 Mac_Share/
I used the following command to mount the folder:
Code:
sudo mount -t vboxsf Share_Documents ~/Mac_Share/
I checked that the folder is mounted I can see what is there using
Code:
sudo ls Mac_Share/
How do I make the folder accessible to the user? Is there another -option needed to do this in the mount command?
View 9 Replies
View Related
Apr 17, 2010
I have two drives in my computer: a 160GB and an 80GB. The 80 holds Ubuntu, the home folder, etc. The 160 is for other files. I need to change the read-write permissions on the 160, but I can't. If I do it through the GUI (right-click>permissions) it just changes back instantly. If I do it through the command line (even with sudo), it has no effect.
View 5 Replies
View Related
