Security, suggestions
Hi this is pretty simple, i have a script that i would like not to be accessible by users on the same server machine. I am not root and there are many users that can access each other's information (not write of course, but read and copy are allowed).
Now the solution i am looking for has either to do with the .htaccess code, that i could not find. Or me somehow including my program off another server.
I would prefer some help with the .htaccess but i am also curious about the second option.
Thanks guys!

Could you do:
Code:
    chmod o-r filename
Assuming you can
Code:
    chgrp www-data filename
replace www-data with whatever user your webserver runs as, often www-data, apache, or nobody.
Now the webserver can still read the file, but the local users can't.

Well wouldn't that mean that i too will not be able to see the file?
what does
Code:
    chgrp www-data filename
do?

In *nix systems using the "default"/regular file system each file has three sets of permissions -- owner, user, other -- each set can specify read, write, and execute permissions separately:
So if you see "-rwxw-xr-x" this means that the file has owner read/write/execute, group read/execute and other read/execute.
Normally a file is created with the group=owner so you have something like and some default mask
Code:
    touch temp
    ls -l temp
    -rw-r--r-- 1 nielsene nielsene 0 Aug 14 11:38 temp
The -l on ls tells it to do the "long" listing
The first dash on the line is normally used to show if a file is a directory or softlink. The next three triplets show the permissions. In this case the owner has read/write, the group has read, and others have read. The double nielsene shows the owner and group.
If I do
Code:
    chgrp www-data temp
    chmod o-r temp
    ls -l
    -rw-r----- 1 nielsene www-data 0 Aug 14 11:38 temp
Notice that the group is now 'www-data' and others have lost read privileges. Nielsene, me, the owner, can still read/write the file, even if I'm not in the www-data group.

a lot find it easier to chmod by number, for that, remember that each group must be represented. that 0 is nothing for that segment. that 1 is execute, 2 is write and 4 is read.
thus chmodding a file at rwxr-xr-x with 640 makes it rw-r----- and broken down to be easier to read...
[rwx][r-x][r-x] chmodded to 640 becomes [r-x][r--][---]

Thanks for the detailed explanation, i had some clue on how they worked but you gave me a more detailed view, I also prefer numbers but nevertheless that's not the point,
How can I chmod a batch of files? I mean if i chmod the directory, do i have to use regression for it to chmod all the containing files or how does that work? And is this more effective than not allowing people to view my folders through a .htaccess code?
On a sidenote i have NEVER figured out how to check what group does anyone belong to. Especially because PHP writes files as another user... hence making it impossible to view the files until i chmod the dirs through a script... i would like to find out how to determine groups and stuff...any good link to a tutorial...
Thanks

Just to reply to the above post i have been su'ing my way through comprehending this... so i chmodded my main /var/www/html directory to look like
drwx-----x myself myself
just to note that ^ (the above) has not changed to www-data...
to my understanding that last "execute" allows people to view the page from html and therefore execute all my scripts... i don't seem to be getting your result which is
-rw-r----- 1 nielsene www-data
is that because mine is a dir and yours is a file?
what is that number right after -rw-r-----
thanks!!
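
The chgrp and chmod steps from the replies above, carried over to a whole directory tree with numeric modes, as an added example that is not from any poster in this thread. The helper names lock_tree, mode_of and demo are hypothetical, and the group defaults to the caller's own so the script runs without root; on a real host it would be the web server's group.

```shell
#!/bin/sh
# Added example, not from the thread. lock_tree, mode_of and demo are
# hypothetical helper names. Uses GNU stat (-c), as found on Linux hosts.

# lock_tree DIR [GROUP]
# GROUP defaults to the caller's own primary group (an assumption so the demo
# runs without root); on a real host pass the web server's group, e.g. www-data.
# A non-root user can only chgrp a file to a group they belong to.
lock_tree() {
    dir=$1
    group=${2:-$(id -g)}
    chgrp -R "$group" "$dir" || return 1
    # Directories: 750 = rwxr-x--- (group may list and enter, others nothing)
    find "$dir" -type d -exec chmod 750 {} + || return 1
    # Files: 640 = rw-r----- (4=read, 2=write, 1=execute, summed per triplet)
    find "$dir" -type f -exec chmod 640 {} + || return 1
}

# mode_of PATH: print the octal mode, e.g. 640
mode_of() {
    stat -c '%a' "$1"
}

# demo: build a constructed sample tree, lock it down, list the result
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/site/inc"
    touch "$tmp/site/index.php" "$tmp/site/inc/config.php"
    chmod 755 "$tmp/site" "$tmp/site/inc"
    chmod 644 "$tmp/site/index.php" "$tmp/site/inc/config.php"
    lock_tree "$tmp/site"
    # octal mode, symbolic mode, owner, group, path for every entry
    find "$tmp/site" -exec stat -c '%a %A %U %G %n' {} +
    # groups the current user belongs to
    echo "groups of $(id -un): $(id -Gn)"
    rm -rf "$tmp"
}

demo
```

The `id -Gn` line lists the groups of whoever runs it; `id -Gn someuser` does the same for another account.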