web server directory permissions
|
|||
|
Rank: ? (4821)
Member #: 3416 |
so if i have a directory accessible at http://www.example.org/somedir/ and i've chmod'd it to 777 (for the purpose of allowing scripts to create files there), what have i allowed everyone to do that i should be concerned about?
as far as i can tell, i've only opened things up to people with shell or ftp access to the server, which i'm not terribly concerned about. am i missing something here?
my mind is like a steel trap! it only hangs on to the big stuff. visit my forums at track7.org
|
||
|
|||
|
|||
|
Rank: ? (2172)
Member #: 11609 |
Nothing. UNIX/Linux security freaks like to make a big deal out of this one.
It's not like someone is going to modify your files via HTTP. The issue is another user on the server modifying the files.
A guy gets on a bus and starts threatening everybody: "I'll integrate you! I'll differentiate you!!!" So everybody gets scared and runs away. Only one person stays. The guy comes up to him and says: "Aren't you scared, I'll integrate you, I'll differentiate you!!!" And the other guy says: "No, I am not scared, I am e to the power of x."
|
||
|
|||
|
|||
|
Rank: ? (1533)
Member #: 15283 |
The issue is another user on the server modifying the files.
I thought that was the question. Isn't it? _B_
Beware the Big Koala. It originated the recursive malapropism when it found itself supernumerary to a specific task and commented, "I think I'm erroneous here". -which it wasn't until it said so, but then it was, -so it wasn't. It also once won a staring contest, with a stuffed cat.
|
||
|
|||
|
|||
|
Rank: ? (4821)
Member #: 3416 |
hmm, sounds like i was right then!
i don't particularly like the idea of granting more rights than necessary, but it's a whole lot easier!
my mind is like a steel trap! it only hangs on to the big stuff. visit my forums at track7.org
|
||
|
Please login or register to post a reply.
