HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


zarrelli 25th July 2006 11:36

Web home directories world writable?
 
I was looking at the launch script

ls /etc/init.d/ispconfig_server


###################################
#
# ISPConfig Server-Startscript
#
###################################

TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin

case "$1" in
start)
echo "Starting ISPConfig system..."
/etc/init.d/mysqld start &> /dev/null
/etc/init.d/mysql start &> /dev/null
sleep 3
/root/ispconfig/httpd/bin/apachectl startssl
/root/ispconfig/sv/ispconfig_wconf &> /dev/null &
/root/ispconfig/php/php -q /root/ispconfig/scripts/shell/firewall.php
if ps ax | grep -iw '/home/admispconfig/ispconfig/tools/clamav/bin/freshclam' |

So the ispconfig server is contained in /root/ispconfig directory?

Then I looked at ps of apache processes:

homeland:/etc/init.d# ps axwu | grep apache
root 2217 0.0 0.5 102352 12184 ? Ss 11:02 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 2280 0.1 1.4 119820 29308 ? S 11:02 0:02 /usr/sbin/apache2 -k start -DSSL
www-data 2281 0.0 1.3 116828 27264 ? S 11:02 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 2283 0.0 1.3 118168 28612 ? S 11:02 0:01 /usr/sbin/apache2 -k start -DSSL
www-data 2337 0.0 1.3 117848 28456 ? S 11:02 0:01 /usr/sbin/apache2 -k start -DSSL
www-data 6963 0.0 1.3 117600 27940 ? S 11:06 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 7132 0.0 1.3 117764 28176 ? S 11:10 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 7134 0.0 1.3 117616 28012 ? S 11:10 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 7135 0.0 1.3 117712 28192 ? S 11:10 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 7137 0.0 1.3 116592 26936 ? S 11:10 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 8388 0.0 0.5 102352 12216 ? S 11:24 0:00 /usr/sbin/apache2 -k start -DSSL
root 8436 0.0 0.0 2620 504 pts/0 R+ 11:26 0:00 grep apache
homeland:/etc/init.d# ps axwu | grep httpd
root 2067 0.0 0.2 27524 5948 ? Ss 11:01 0:00 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
admispc 2072 0.0 0.6 34220 13836 ? S 11:01 0:01 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
root 2218 0.0 0.0 2680 436 ? S 11:02 0:00 /root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d
admispc 2492 0.0 0.6 34180 14000 ? S 11:02 0:01 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
root 8440 0.0 0.0 2620 504 pts/0 R+ 11:26 0:00 grep httpd

Well, the apache serving user pages has www-data.www-data owner/group.

But since all the user web spaces are under their userid:

ls -lah /var/www/

drwxr-xr-x 15 web11_giorgio web11 4.0K Jul 25 11:03 web11

That means that each subdirectory under web11 root htdocs should be readable, writable and executable by all (-a in chmod). The same for files in there: to be overwritable by a php generated web process they should be worldwide writable.

I noticed that to make ispconfig be able to modify files in user web homes, its userid is added to each user group.

Aren't these settings a bit insecure? Or is there something I don't catch?

till 25th July 2006 11:56

Quote:

Originally Posted by zarrelli
Aren't these settings a bit insecure? Or is there something I don't catch?

No. Please install and enable SuPHP and SuExec for the other CGI scripts.
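
One way to check the concern raised in this thread on a running server, as an added example that is not part of the original posts or of ISPConfig: it counts world-writable entries and entries not owned by the site owner in each site directory. It assumes sites live in `webN` directories under a base such as /var/www, as in the listing above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread, not ISPConfig code).
# Assumption: each site is a directory <base>/webN, as in the post (/var/www/web11).
# Usage: . ./audit_webroot.sh; audit_webroot /var/www
# Counts assume file names without embedded newlines.

# Print every world-writable file or directory under $1.
# Symlinks are skipped because their own mode bits are not enforced.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Count entries under $1 whose owner differs from the owner of $1 itself.
# With suPHP/suEXEC, scripts run as the site owner, so files created by the
# web application should carry that uid rather than the web server's.
foreign_owned_count() {
    owner=$(ls -ldn "$1" | awk '{print $3}')   # numeric uid of the site root
    find "$1" ! -user "$owner" -print | wc -l | tr -d ' '
}

# One summary line per site: name, world-writable count, foreign-owned count.
audit_webroot() {
    base=${1:-/var/www}
    for site in "$base"/web*; do
        [ -d "$site" ] || continue
        ww=$(world_writable "$site" | wc -l | tr -d ' ')
        fo=$(foreign_owned_count "$site")
        printf '%s world_writable=%s foreign_owned=%s\n' "${site##*/}" "$ww" "$fo"
    done
}
```

A site reporting `world_writable=0 foreign_owned=0` needs neither world-writable paths nor files written under the shared web server account; non-zero counts can be listed with `world_writable /var/www/webN`.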


All times are GMT +2.