From: Dave Hall
Subject: Re: [Phpgroupware-users] Help needed: Configuration quick reference chart...
Date: Sun, 06 Apr 2003 08:49:04 +1000

Izzy Blacklock <address@hidden> wrote:
> On April 5, 2003 12:43, Dave Hall wrote:
> > Adam Hull <address@hidden> wrote:
> > > This raises the never-ending question of permissions. It has been
> > > recommended numerous times to me that the phpgroupware directory and
> > > files not have x permissions. However, I have tested this and it does
> > > not work for me. This is true for the tmp directory as well.
> > >
> > > Can anyone shed some light on this?
> > >
> > > What I recommend is:
> > >
> > > phpgroupware 770
> >
> > owned by user:group - *not* the apache user 664
>
> Shouldn't this be 775, or 755 as I've been doing? Don't you need
> execute permission to enter the dir?
No, only the directories need execute rights ... not the files.
>
> > > header.inc.php 770
> >
> > owned by user:group - *not* the apache user - perms 664
> > or if you want to be able to edit the header, change the perms to
> > owned by apache-user:group - perms 664
> > then
>
> There are passwords in this file (an issue that should be addressed
> one day). I don't think making it world readable is a good idea. I like
> 400 owned by apache myself. See my other message...
>
> >
> > > files 660
> >
> > owned by apache-user:apache-user - *not* the apache user - perms 660
>
> I'm confused
Sorry, I was cutting and pasting ... apache 660 will do.
>
> >
> > > tmp 770
> >
> > /tmp should always be 777
>
> Don't you want the sticky bit set on this to prevent unauthorized
> modifications? Here's a clip from
> http://www.hackphreak.org/newbie/linuxbxj.txt which seems to do a good
> job explaining the concept (I did a google to find it):
Well, there is another option, our apps can set more secure perms on
uploaded files, i.e. 600. That will prevent this.
>
> ----- 8< -----
> Speaking of modes. There's a UNIX "gap" where you can have write access
> to a file even if it's only +r for you, but you still have +w access to
> the directory it's in.
> `cat /dir/file > ~/temp ; vi ~/temp ; mv ~/temp /dir/file`
> is a rough explanation for this. To prevent modification of files unless
> the modifier is the file owner, directory owner, or superuser, you use
> the sticky bit.
> The sticky bit is an extra, 1000-mode, that you add to a file/directory:
> chmod 1755 stuff
> ------ 8< -------
>
> ...Izzy
dave.hall.vcf
Description: Card for <dave.hall@mbox.com.au>
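
An audit of the three points discussed in this thread, added here as an example (it is not code from phpGroupWare or from any of the posters): regular files should carry no execute bits, header.inc.php should not be readable by "other", and world-writable directories should have the sticky bit. The function names and the constructed demo tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: permission audit for a phpGroupWare-style install.
# All function names and the demo layout below are hypothetical.

# Regular files with any execute bit set (only directories need x).
exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# header.inc.php copies readable by "other" (the file holds passwords).
world_readable_headers() {
    find "$1" -type f -name header.inc.php -perm -004 | sort
}

# World-writable directories that lack the sticky bit (mode 1000).
unsticky_dirs() {
    find "$1" -type d -perm -002 ! -perm -1000 | sort
}

# Print all three findings for a given root directory.
audit() {
    echo "== files with execute bits ==";          exec_files "$1"
    echo "== world-readable header.inc.php ==";    world_readable_headers "$1"
    echo "== world-writable dirs, no sticky bit =="; unsticky_dirs "$1"
}

# Build a constructed sample tree mixing good and bad modes; prints its path.
make_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/phpgroupware/admin" "$d/tmp_bad" "$d/tmp_ok"
    : > "$d/phpgroupware/header.inc.php"
    : > "$d/phpgroupware/index.php"
    : > "$d/phpgroupware/admin/index.php"
    chmod 755 "$d/phpgroupware" "$d/phpgroupware/admin"
    chmod 664 "$d/phpgroupware/header.inc.php"   # world-readable: flagged
    chmod 770 "$d/phpgroupware/index.php"        # x on a file: flagged
    chmod 664 "$d/phpgroupware/admin/index.php"  # fine
    chmod 777 "$d/tmp_bad"                       # no sticky bit: flagged
    chmod 1777 "$d/tmp_ok"                       # sticky bit set: fine
    echo "$d"
}

# Usage: sh audit.sh /path/to/webroot
[ "$#" -eq 0 ] || audit "$1"
```
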