by Luke » Thu Apr 12, 2007 4:22 pm
I've got a directory set up like this:
```
/mm5
/5.00
/modules
/some other irrelevant stuff
/public
/images
/styles
/scripts
/graphics
/en-US
merchant.mvc
admin.mvc
sometherfiles.mvc
something_else.mvc
```
I want to restrict access to every file and folder except merchant.mvc, admin.mvc, and /public (as well as EVERYTHING under it). Everything else should be accessible to each other, but not to the general public. How do you recommend doing this?
The server is Apache. I'm not sure which version; it's a shared host.
by timvw » Thu Apr 12, 2007 5:07 pm
- I'd probably write a little bash script that first gives only me (the user) rights
- then I would grant rights to Apache to traverse the directories
- then I would grant rights to Apache to read files (and perhaps a couple of directories for listing purposes)
e.g.:
```bash
#!/bin/bash
BASEDIR=/somewhere/username
WEBDIR="$BASEDIR/web"

# give user all rights (and remove rights from others)
chmod 700 "$BASEDIR"
find "$BASEDIR" -type d -exec chmod 700 {} \;
find "$BASEDIR" -type f -exec chmod 600 {} \;

# allow user to run scripts in bin
find "$BASEDIR/bin" -type f -exec chmod u+x {} \;

# gradually add rights so www-data can access webfiles
chmod g+x "$BASEDIR"
chmod g+x "$WEBDIR"
chmod o+x "$WEBDIR/private"
chmod o+r "$WEBDIR/private/.htpasswd"
chmod o+r "$WEBDIR/private/timvwblog.php"
chmod o+rx "$WEBDIR/www.timvw.be"
find "$WEBDIR/www.timvw.be" -type f -exec chmod o+r {} \;
find "$WEBDIR/www.timvw.be" -type d -exec chmod o+x {} \;

# optional cgi-bin lockdown (disabled)
#chmod o+x "$WEBDIR/www.timvw.be/cgi-bin"
#find "$WEBDIR/www.timvw.be/cgi-bin" -type f -exec chmod o-r {} \;
#find "$WEBDIR/www.timvw.be/cgi-bin" -type d -exec chmod o-x {} \;
#find "$WEBDIR/www.timvw.be/cgi-bin" -maxdepth 1 -type f -exec chmod u+x {} \;
chmod u+x "$WEBDIR/www.timvw.be/cgi-bin/something/blah.pl"
```
But I would really recommend placing all this in a script (this way, you can easily re-apply the rights, possibly via a cronjob...)
by Luke » Thu Apr 12, 2007 5:17 pm
Even if I give a file 400 access (only read access to owner), you can still reach this file in a web browser. For some reason I just can't seem to fully grasp file permissions and who owns what and why.
EDIT: I was thinking something like:
but that won't work for specific files, will it?
hrmm... it is so frustrating being a server/apache n00b. I need a book.
by nickvd » Thu Apr 12, 2007 5:44 pm
You could always lock down everything like you said (deny from all) and then use a <FilesMatch> directive to open up what you need.
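A sketch of the deny-all-then-`<FilesMatch>` approach for the /mm5 layout in the first post (an added example, not code posted by anyone in the thread). It assumes the host's AllowOverride setting permits access-control directives in .htaccess; the `<IfModule>` split covers both directive syntaxes because the Apache version is unknown.

```apache
# ---- File 1: /mm5/.htaccess ----
# Needs AllowOverride AuthConfig (Require) or Limit (Order/Allow/Deny).

# Default: refuse every HTTP request for anything under /mm5.
<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 and earlier
    Order deny,allow
    Deny from all
</IfModule>

# Exception: the two entry points. The ^...$ anchors and the escaped dot
# keep names such as "xadmin.mvc" or "admin.mvc.bak" from matching.
<FilesMatch "^(merchant|admin)\.mvc$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</FilesMatch>

# ---- File 2: /mm5/public/.htaccess ----
# <Directory> sections are not allowed in .htaccess, so the public tree
# gets its own file that overrides the deny inherited from /mm5.
<IfModule mod_authz_core.c>
    Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
</IfModule>
```

`<FilesMatch>` tests only the file name, so a file called admin.mvc or merchant.mvc in any subdirectory of /mm5 is opened up as well. These rules govern HTTP requests only; files on disk can still be read by server-side code that has filesystem permission to them.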
by Luke » Thu Apr 12, 2007 5:48 pm
dude... that looks like exactly what I need. ::slaps you with a good-job fish::