Re: Security risks in setting public_html to 777?

From: Steve Wolfe (unt_at_see.signature.com)
Date: 04/01/04

  • Next message: Jem Berkes: "Re: Block access that is too fast with iptables"
    Date: Thu, 1 Apr 2004 11:53:22 -0700
    
    

    > I'm running a web server, and I want some CGI scripts to be able to
    > create files and directories in public_html. To do this, I need to set
    > permissions for public_html to 777. Are there any security risks in
    > doing this?

      Yes, there certainly are. However, chances are that you don't really
    need them set to 777.

      The first 7 is fine. And the second 7 is *probably* fine. But the
    third 7? You'll only need that if the web server is running as a user
    *other* than the owner of the directories. There are usually ways to fix
    that - as an example, with Apache, suexec can be used to let the cgi apps
    run as an appropriate user, not as "apache", "nobody", or whatever your
    apache runs as.

    steve


  • Next message: Jem Berkes: "Re: Block access that is too fast with iptables"