Network Security Focus-Linux
Re: Apache+PHP+ftp security

Subject: Re: Apache+PHP+ftp security
Date: Thu, 31 Mar 2005 12:50:04 +0300
You can chown /home/example to example:www-data and chmod it
to 0710, and let users create files with a 022 umask, so www-data
will be allowed to enter /home/example, because the group has
execute on this directory, and will be able to read files and directories
below /home/example, because "others" can (if they manage to enter the
directory).

For safe_mode, try this:
http://www.titov.net/safemodepatch/

Anton

abend wrote:

Our first purpose was setting the ftp server to upload the files to be
owned by the user which logged in and by group www-data (the files for
each virtual server are under /home/example/www, where example stands
for an example user), and umask set to 027. Our requirement is that
the user example does not belong to the www-data group. This way we
get no problems about users reading another user's PHP code, etc., but we
didn't find any ftp server which permits us to do that (proftpd has a
GroupOwner directive which makes uploaded files group-owned by
the group we want, but the user needs to belong to that group,
which is not our intention). We searched for information on how to run
the ftp server (the child process after authentication of the user)
with the appropriate user but with pgid www-data, and make the files
owned by this group, but neither proftpd, wu-ftpd nor vsftpd matched
these characteristics.
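
The permission reasoning in the reply above, modeled as an added example (not code from the thread): it applies the POSIX rule that only one class (owner, else group, else other) is consulted per file, to the 0710 home directory and umask 022 layout. The account `other`, the file names, the 0640 `config.php` and the assumption that uploaded files carry group `example` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int              # permission bits, e.g. 0o710
    is_dir: bool = False

def class_bits(node, user, groups):
    """Return the rwx triplet of the one class POSIX selects: owner, else group, else other."""
    if user == node.owner:
        return (node.mode >> 6) & 7
    if node.group in groups:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_read(tree, path, user, groups):
    """True if the account can read (or, for a directory, list) `path`:
    search (x) on every ancestor directory plus r on the target itself."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts)):
        ancestor = "/" + "/".join(parts[:i])
        if not class_bits(tree[ancestor], user, groups) & 1:
            return False
    return bool(class_bits(tree[path], user, groups) & 4)

# Constructed layout: home is example:www-data 0710; content created with umask 022
# keeps the user's own group (assumption: no setgid bit on the directories).
TREE = {
    "/home": Node("root", "root", 0o755, True),
    "/home/example": Node("example", "www-data", 0o710, True),
    "/home/example/www": Node("example", "example", 0o755, True),
    "/home/example/www/index.php": Node("example", "example", 0o644),
    # Same file as umask 027 would leave it: "other" has no bits, so www-data is locked out.
    "/home/example/www/config.php": Node("example", "example", 0o640),
}
# example is not a member of www-data; "other" is a hypothetical second local user.
ACCOUNTS = {"www-data": {"www-data"}, "example": {"example"}, "other": {"other"}}

def access_matrix(tree=TREE, accounts=ACCOUNTS):
    """Map (account, path) -> whether that account can read or list the path."""
    return {(u, p): can_read(tree, p, u, g) for u, g in accounts.items() for p in tree}

if __name__ == "__main__":
    for (user, path), ok in sorted(access_matrix().items()):
        print(f"{user:9} {'read' if ok else 'DENY'}  {path}")
```

The matrix shows that www-data can traverse /home/example through the group execute bit but cannot list it, and that anything the user creates without "other" read permission is unreadable to the web server.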

