[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.
- Subject: Re: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Sat Jun 23 09:36:02 2001
- List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>
>
> Can some one comments on such a scenario as far as security goes:
>
> I have a site (site2) and that site's DocumentRoot is "/web"
> (/home/sites/site2/web) Then I cam and I created folders to be used.
>
> Under (/home/sites/site2) I created two folders as follow:
>
> drwx-wx--- 2 site4_admin httpd 1024 Jun 23 17:14 folder1
> drwx------ 2 httpd site4 1024 Jun 23 19:51 folder2
These directories has no effect whatsoever on httpd, as they're out of the
root directory for the site and thus irrelevant (with one expection - cgi
scripts CAN access there, and will have full permissions to do everything
in those two directories)
> Under (/home/sites/site2/web) I have:
>
> dr-x------ 12 httpd httpd 1024 Jun 23 02:40 folder3
>
>
> Thus, folder3 is browsable and set to rx just for httpd, now the issue is
> that am I violating any Cobalt rules. In other words is it secure to do the
> above or am i opening a security whole? Any trouble I might get into other
> than the Quota for that virtual site (site2).
Same note like before?
>
> Any advice is highly appreciated,
>
> KAL
>
>
- shimi