Ubuntu Security :: File Permissions With Apache
Jul 6, 2011
I know how to assign file permissions and other tasks like user to group, but I'm stuck with a situation in how I should set up my system.So I have a LAMP server set up. I'm not the only developer so I created a group called "developers" for my other users "Mike," "Alex," and "Cindy," which are developers (I'm Mike by the way). I know that "www-data" is the user and group Apache uses.This is good because only I have permission to update the production site, but for the dev site, it's a different story.
View 3 Replies
ADVERTISEMENT
Jun 30, 2011
What is recommended way to set permissions of folders VAR/WWW for use with apache in 11.04? I would like to let the user "ABC" have access to read/write the website files in this directory. How should permissions on these files be set?
View 2 Replies
View Related
Jan 14, 2010
This is probably a pretty basic question seeing as I'm pretty new to Ubuntu Server. I'm running a simple website from my Ubuntu Server machine with The files are all stored in /var/www/ and then subdirectories. The problem is that when I add files through FTP I need to go and change all of the file permissions since by default they do not have read access so can't be accessed through a web browser on another machine.How can I make the default permissions readable for the directory and all new files that will be moved in it
View 5 Replies
View Related
Jun 26, 2010
I'm trying to learn about permissions on linux webserver with apache.Some clues to the system: The server I have to play around with is Fedora based. Apache runs as apache:apache. To allow for e.g. php to write to a file the file needs to be chmod 777. 755 is not sufficiant.What I'm wondering is basically how set up permissions like they should be on e.g. a "shared web host".My main problem is that if I set a permission so that one user cannot access anothers home folder, then apache can't read from the public_html folder either.
To keep the users out I need to set chmod 700. But to let apache to read I need to have at least execute on world,so a 701 basically works, but won't let some users in.So I'm really stuck on what to do. Have been concidering adding the apache user to the frous grours
below to avoid having to add the world execute flag, but is that a bad thing? Should it be the other way around, the users in the groups below should also be in the apache group?I was aiming at having 4 groups:
1. webapp: same as dev_int, but is the only one that can go inside the webapp/live folder to e.g. do an update from the repo.
2. dev_int: can read,write and execute everything in the "web root", including the two below, but nothing outside of the web root
3. dev_ext: can read write and execute in all client folders, but cannot access anything outside of the webapp root
4. clientsBasic ftp accounts. Has a home folder with a public_html, but cannot access any other home folders
View 1 Replies
View Related
Jul 7, 2009
i am trying to set the file permissions for the log files "/var/log/Xorg.0.log" and "/var/log/gdm/:0.log". These files seem to be created when a user logs into a whokstation (my guess so far). I am trying to comply with a security mandate that all log files in the directory /var/log are set to 0640. The two mentioned files always seem to have the permissions 0644, does anyone know where and when these filea are created and how I might set the permissions when the files are created
View 1 Replies
View Related
Mar 3, 2010
I am setting up a new ubuntu server, and I am quite new to linux. This server will be used as code repository for a project I am going to be working on. I plan to setup 3 groups for users: dev, test, doc
- for various developers, testers and documentation users.
I would like to setup the following permissions on the main code repository directory:
dev - write permission
test - execute permission
doc - read permission
public (anyone outside these groups) - deny all access
I am unsure what chmod setting to use, or if this is even possible in ubuntu.
View 2 Replies
View Related
Mar 24, 2011
How is possible, that vim can write to file and changes his ownerchip ?
View 4 Replies
View Related
Sep 12, 2009
Is there a way to specify append only permissions for a file?
View 2 Replies
View Related
Feb 5, 2010
What do the default file permissions in ubuntu 9.10 protect/deny access to?
View 9 Replies
View Related
May 9, 2010
I have broken my MBR and can now only enter 9.10 with the ubuntu start up cd.when i boot through he ubuntu live cd.I can see my mounted drive with all my files however i do not have the permissions to open or copy some of my files( music, films, pics) . id like to do this so i can transfer all my files to an external HDD and reformat start all over again.error when trying to open files.You do not have the permissions necessary to view the contents of.
View 1 Replies
View Related
Mar 16, 2010
Is it possible to reset apache 2 permissions to default permissions I'm using Ubuntu 9.10 command line server, would webmin give me this access ?
View 1 Replies
View Related
Oct 3, 2010
In Nautilus I select a directory on local NTFS volume. I'm logged in as root, right-click > Properties > Permissions and I set "Others" to "none". But it doesn't work. I want my friends & visitors to use and enjoy Ubuntu but without access to my NTFS volumes.
View 9 Replies
View Related
May 14, 2010
Does anyone know why files in /boot are world-readable (particularly the initial ram disk)? I'm not an expert, but I would not expect anyone except root or a sudoer to have the ability to read these files.
View 5 Replies
View Related
Jul 23, 2009
Picture the following:On computer A, local user John (and John alone) has rwx access to file1.txtComputer B also has a local user account named John. If file1.txt was to be copied from computer A to computer B, would the user account John on computer B be able to access it?I guess this wouldn't work using two windows computers due to the User name / GUID relationship. Maybe linux has something similar?
View 4 Replies
View Related
Jan 25, 2011
Is anyone aware of a detailed "flow chart" -- arrows and decision diamonds, etc -- that describes the file access and permissions processing? I would love to see that diagram. Years ago on a platform far away (Digitial VAX/VMS) their manuals had such a flow chart that covered not only the user-group-owner and read-write-execute permissions decision making but also include "access control list" processing at a superficial level. If someone has access to the VAX/VMS flow chart, that might be a start toward sorting what linux does.
View 4 Replies
View Related
Feb 24, 2011
However, configured a website on a dedicated server using WHM/cPanel. The site was uploaded using the master account for the website.
The security issue is public users are able to upload files on to my server via the website. They could even access the root and execute whatever they want on the server.
I have consulted with 2-3 Linux experts. According to them, the PHP user has rights to execute anything on the server or upload & store files in whichever folder they want.
Can I protect my folders to avoid file uploads via the website. The application has security vulnerabilites. However, I want to prevent hackers to enter my site until the vulnerabilities are fixed.
View 2 Replies
View Related
Nov 2, 2010
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 is a member of techAdmin, user3 and user4 are members of tech. simple so far...but wait here's the problem. If user1 creates a file inside tech, user2 cant read or modify it because user1 owns it. Here's a few sites that reference this problem:
[code]....
View 4 Replies
View Related
Dec 10, 2010
Some time back using this computer a SucKit rootkit was found. Having dd urandomed the drive, flattened CMOS battery, flashed BIOS, run Knoppix live CD 6.1,using no flat pack battery (laptop), and memtested the RAM, I am still having problems with what I suspect is a javascript file that tries to reload the rootkit from? firmware. I suspect the firmware as everything else should have eradicated it??
Also it or a hacker via a backdoor then corrupts the drivers so devices malfunction. Windows security programs and rootkit detectors don't seem to pick it up. Fresh install of Windows or linux after the above still show this problem, though internet not used. The person who admitted rootkitting this machine is capable of writing java programs or using javascripts to do all this.
When viewed using Ubuntu 8.4 files and dates on a Windows partition appear normal both in file manager and terminal. However booting using Knoppix CD these files are all green, and I cannot change their permissions, even as root. ie: everything is green including text files etc. If I copy them to a linux partition, I can change their permissions and make them nonexecutable and nonwritable. Also on the Windows FAT32 partition the . directory has the date 1 Jan 1970.
If I disable any green files, I can shutdown and reboot cleanly. If I don't I start having problems shutting down [/usr/sbin/init ?] And always these follow a pattern:
Can't remember details as I have now corralled the beast but error messages relating to:
nfs-server
inet.d/statd
are the start of these.
View 3 Replies
View Related
Sep 24, 2010
Im using opennms network configuration backup server called 'RANCID'.It run on top of RHEL5 system and using APache. Here's the link which i'm accessing [URL] But any one can access this URL and obtain my configuration files
I want to secure this using a logon page.allow login Only for the successful authentications by entering the predefined username and password But after get authenticate book marking the above URL still can access anyone since it didnt prompt username and password again In eachtime executing the above url it should direct to authenticate page
View 5 Replies
View Related
Oct 16, 2010
Finally I managed to install my printer/scanner drivers.The last thing I need to do is to add the following two lines to 40-libsane.rules (which is a read only file):# Brother scanners ATTRS{idVendor}=="04f9", ENV{libsane_matched}="yes".How can I change permissions for this file or add these lines without changing permissions?
View 2 Replies
View Related
Mar 17, 2010
I'm running Apache2 under uBuntu 9.10. My problem is that I use my own user "wavesailor" to work on my websites. I kept all my sites under /var/www and I set up the security of the directory after following the guidelines.
Code:
sudo chown -R root:root /var/www
sudo chown -R www-data:www-data /var/www/*
[code]...
View 4 Replies
View Related
Nov 12, 2010
this costed me a whole day of trying and retrying. I set up a small home server with apache, php, and mysql.
System infos:
Linux 2.6.31-22-generic-pae
Ubuntu 9.10 Karmic Server edition
Apache/2.2.12 (Ubuntu)
Until now, it served happily a couple of sites, with no problems. But now, I wanted to set up my ftp server to point to the same directory as one of the sites, for me to be able to upload and manage files via ftp. As a server I normally use proftpd. With my usual config, proftpd runs with its own user and simulates the user ftpuser:ftpgroup when creating files. So I just changed all the files to be owned by this user and group. Permissions set to 770.
Everything works fine, and I'm able to access the data via ftp. BUT, when I try to browse my site the usual way (i.e. point firefox to its address) a 403 forbidden error is issued. Of course, you will say: you didn't allow access to apache. Well, I remembered that right away, and added the user www-data to the ftpgroup user. Now I espect apache to be able to read and serve the files.
Still same problem. 403. The apache error log is full with "permission denied" errors. After many attempts, I logged in as the user www-data, and tested access to the files. This way I'm able to cd into the directory, and read-write the files with nano. As a test, I tryed the other way around. Setting www-data:www-data as the owner of the files, and adding the ftpuser to the www-data group. This way apache works, but proftpd does not. Most probably it has something to do with a misunderstanding of groups permissions or the way this two deamons access the files.
View 9 Replies
View Related
Jan 23, 2010
I have a directory in the /var/www folder. I have access to this directory from my windows machine through samba.
Everytime i add new files to the folder where the webpage is locate i need to go to my centos server a type chmod -R 777 /var/www/name
It can't be right that i need to do this everytime i add new files to the folder??
If i dont run this command i can't access this files when I access the webpage throug a browser...
UPDATE: I think It has something to do with the samba user, because if i create the files as root directly on the centos server i dont got the problem ... ?
View 5 Replies
View Related
Feb 23, 2010
I am looking for the best way to set up permissions in the following situation. I have a web server set up on debian. I have different web sites in /var/www. Each web has a group of developers who each have system users and ssh access to the server. For example i have a web site in /var/www/example.com and a group of developers in group exampledev. I need all the users in exampledev plus the apache user (www-data) to have read write and execute permissions on all the content of the web site. I can give the group exampledev these permissions without a problem. The problem is that when they modify or create new files (they either connect via ssh o sftp which is the same right?) they are created with their user and group rather than exampledev. Am i going down the wrong path? This must be a common situation but i haven't found the solution.
View 5 Replies
View Related
Dec 12, 2010
I would like to change the permissions for a directory and all files inside the directory how do I do this? The website is located only on my local network so I am not worried about security. Also what would be the optimal permissions for running wordpress.
View 1 Replies
View Related
Apr 8, 2010
I am very new to linux. The first time i ran a linux machine was one Saturday. Anyway I am trying to set up an apache web server, all I want to do is play around with html and post it on my unbuntu server so it is available to the internet. I am also trying to install samba but I am having trouble with that so for now I am using winscp. Ok, so I made a folder in my home directory for webstuff, and set up apache to look in that folder.
mkdir /home/username/webstuff
I put my index.html file into the /webstuff folder.
But when I go to my website, it says 403 error unable to access "/"
Did I make the folder in the right place? I do not want people being able to access my / folder so maby I made the web stuff folder in the wrong place? Also I thought I would just put my inded.html file inside of the default one apache gives you, but when I tried to transfer index.html it said permission denied. How to set up permissions so I can use apache and transfer my html files from my remote desktop to my server would be great!
View 7 Replies
View Related
Jun 12, 2009
With F11 installed Apache is having permissions issues reading files out of the html directory. Only wants to work with permissions set to read for other. [Thu Jun 11 23:25:28 2009] [error] [client 127.0.0.1] (13)Permission denied: file permissions deny server access: /var/www/html/index.html Tracked down the permissions issue. Is there a good reason not to change the group to apache and remove world read?
View 1 Replies
View Related
Jul 24, 2010
I just installed Ubuntu workstation into VMware and then installed Apache, Mysql, PHP, and phpmyadmin.I am able to access Apache from any computer in my home so there is not issue there.The issue I am facing is when I try to copy anything into /var/www/ I get a permission denied messsage.I added myself to the administrators group and then rebooted but still get the same message.
I was able to access it by using the following command...gksu nautilus.I don't want to have to do that every time. I would like to be able to access it by just opening "Documents" and the selecting "file system" inside of Nautilus.
View 4 Replies
View Related
Feb 6, 2010
We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies
View Related
Apr 7, 2010
I am not putting lnux on my mac, so I don't think it goes in the Apple section and Security is the closest I could find regarding file permissions, so excuse me if I am in the wrong area for this question. I need to back up my macbook (OSX) data. I do not have another mac nor do my friendsw.. I do have a PC running ubuntu 9 though. So I hook it up and can see it, but all the document are locked and I dont have permissions.... now with windows I know how to take over permissions, I have looked online and the closest I found is using the temporary root user command to view all locked files but that gets me to about 25% my data.
View 5 Replies
View Related
