#1  25th July 2006, 11:36
zarrelli
Web home directories world writable?

I was looking at the launch script

ls /etc/init.d/ispconfig_server


###################################
#
# ISPConfig Server-Startscript
#
###################################

TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin

case "$1" in
start)
echo "Starting ISPConfig system..."
/etc/init.d/mysqld start &> /dev/null
/etc/init.d/mysql start &> /dev/null
sleep 3
/root/ispconfig/httpd/bin/apachectl startssl
/root/ispconfig/sv/ispconfig_wconf &> /dev/null &
/root/ispconfig/php/php -q /root/ispconfig/scripts/shell/firewall.php
if ps ax | grep -iw '/home/admispconfig/ispconfig/tools/clamav/bin/freshclam' |

So the ispconfig server is contained in /root/ispconfig directory?

Then I looked at ps of apache processes:

homeland:/etc/init.d# ps axwu | grep apache
root 2217 0.0 0.5 102352 12184 ? Ss 11:02 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 2280 0.1 1.4 119820 29308 ? S 11:02 0:02 /usr/sbin/apache2 -k start -DSSL
www-data 2281 0.0 1.3 116828 27264 ? S 11:02 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 2283 0.0 1.3 118168 28612 ? S 11:02 0:01 /usr/sbin/apache2 -k start -DSSL
www-data 2337 0.0 1.3 117848 28456 ? S 11:02 0:01 /usr/sbin/apache2 -k start -DSSL
www-data 6963 0.0 1.3 117600 27940 ? S 11:06 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 7132 0.0 1.3 117764 28176 ? S 11:10 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 7134 0.0 1.3 117616 28012 ? S 11:10 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 7135 0.0 1.3 117712 28192 ? S 11:10 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 7137 0.0 1.3 116592 26936 ? S 11:10 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 8388 0.0 0.5 102352 12216 ? S 11:24 0:00 /usr/sbin/apache2 -k start -DSSL
root 8436 0.0 0.0 2620 504 pts/0 R+ 11:26 0:00 grep apache
homeland:/etc/init.d# ps axwu | grep httpd
root 2067 0.0 0.2 27524 5948 ? Ss 11:01 0:00 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
admispc 2072 0.0 0.6 34220 13836 ? S 11:01 0:01 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
root 2218 0.0 0.0 2680 436 ? S 11:02 0:00 /root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d
admispc 2492 0.0 0.6 34180 14000 ? S 11:02 0:01 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
root 8440 0.0 0.0 2620 504 pts/0 R+ 11:26 0:00 grep httpd

Well, the apache serving user pages has www-data.www-data owner/group.

But since all the user web spaces are under their userid:

ls -lah /var/www/

drwxr-xr-x 15 web11_giorgio web11 4.0K Jul 25 11:03 web11

That means that each subdirectory under the web11 root htdocs should be readable, writable and executable by all (-a in chmod). The same for files in there: to be overwritable by a PHP-generated web process they should be world-writable.

I noticed that to make ispconfig be able to modify files in user web homes, its userid is added to each user group.

Aren't these settings a bit insecure? Or is there something I don't catch?
#2  25th July 2006, 11:56
till (Super Moderator)

Quote:
Originally Posted by zarrelli
Aren't these settings a bit insecure? Or is there something I don't catch?
No. Please install and enable SuPHP and SuExec for the other CGI scripts.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
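
The difference between the two setups discussed in this thread, as an added example that is not part of the thread or of ISPConfig: it audits a site tree and reports which entries an account can write and through which permission class, first for a shared web server account (the www-data case) and then for the site owner (the case where scripts run as the owner, as with suPHP). The function names and the sample tree are constructed for illustration; symlinks are skipped and root is not modelled.

```python
import os
import stat
import tempfile

def write_class(st, uid, gids):
    """Permission class that lets (uid, gids) write, or None."""
    # Unix consults exactly one class: owner, else group, else other.
    if st.st_uid == uid:
        return "owner" if st.st_mode & stat.S_IWUSR else None
    if st.st_gid in gids:
        return "group" if st.st_mode & stat.S_IWGRP else None
    return "other" if st.st_mode & stat.S_IWOTH else None

def audit(root, uid, gids=frozenset()):
    """Map relative path -> class through which the account can write."""
    writable = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # inspect the entry itself, not a link target
            if stat.S_ISLNK(st.st_mode):
                continue
            cls = write_class(st, uid, gids)
            if cls:
                writable[os.path.relpath(path, root)] = cls
    return writable

def build_sample(root):
    """Constructed site tree; every entry is owned by the current user."""
    layout = {"index.php": 0o644, "config.php": 0o640, "uploads": 0o777,
              os.path.join("uploads", "a.jpg"): 0o666}
    os.mkdir(os.path.join(root, "uploads"))
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            open(path, "w").close()
        os.chmod(path, mode)

def compare():
    """Audit the sample as a foreign account and as the site owner."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        owner = os.getuid()
        shared = audit(root, owner + 1)  # stands in for www-data
        per_user = audit(root, owner)    # script runs as the site owner
    return shared, per_user
```

In the sample, the shared account can write only the entries that carry the world-writable bit, while the site owner can write every entry through the owner bit alone, so none of them needs to be world-writable once scripts run as the owner.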
All times are GMT +2.