How can prevent the user from edit file ?

Discussion in 'Technical' started by qwe010, Jan 8, 2007.

  1. qwe010

    qwe010 New Member

    hello

    How can prevent the user from

    edit the files ( .htaccess ) ?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Set the permissions of the file to read only:

    chmod -w yourfilename.ext

    To change this for all files in a direcory:

    cd /your/directory
    chmod -R -w *
     
  3. qwe010

    qwe010 New Member

    thanks

    But I mean for all my clients on my server

    i mean Hypothetical

    i don't want any user but any command in this filse

    like Disruption mod security
     
  4. falko

    falko Super Moderator ISPConfig Developer

    You must change the permissions of each .htaccess file, as Till said.
     
  5. qwe010

    qwe010 New Member

    This is bad , which means that any person can overcome protection

    any idea ?
     
  6. falko

    falko Super Moderator ISPConfig Developer

    There's no problem if you don't give your users shell access (which is a security risk) and configure ProFTPd to not show files beginning with a dot (which is the default setting).
     
  7. qwe010

    qwe010 New Member

    thanks falko

    But if penetrator able to disrupt protection

    Will hacked the sites

    and used the shell freely
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    If you chown the files to user and group root, then someone needs root priveliges to change the files.
     
  9. qwe010

    qwe010 New Member

    how ido that

    i have new client every day ?

    how i make that by default

    i don't want any user but any command in this filse now or later ?
     
  10. sjau

    sjau Local Meanie Moderator

    You could setup a cron job that executes a shell script on a regular base... like every 10 min or so...

    That shell script will then fetch all .htaccess files from a given directory (or maybe even subdirectories [but one level down is probably enough] and alter the ownership and file mode...

    The shell script would be something like this (needs to be tested!!!):
    Code:
    for FILE in "$(find /var/www -maxdepth 2 -name ".htaccess")"
    do
    # Echo the files found
            echo $FILE
    # Chown the files found
    #        chown root.root $FILE
    # Chmod the files found
    #       chmod 0755 $FILE
    done
    exit 0
    
    This above script will search all /var/www plus it will go one directory down.... assuming that you have the setup something like this:

    /var/www
    --> /var/www/web1
    --> /var/www/web2
    --> /var/www/web3

    If you have the user webfolder in something like this:
    --> /var/www/web3/html
    Then alter the maxdepth limitation... I'm not sure if the above example is already set to one level deep or not...
    Hence I did comment out the actual chownin and chmodding... first use the echo :)
     

Share This Page