CGI Security And File Permissions

Apr 24, 2007

I am planning to use CGI for my web installations and there appears to be a whole lot of conflicting info about setting file permissions in the user's folder.

What are the permissions actually required for reading and writing into the web users directory?

A lot of them say 755, but that doesn't make sense as it gives any user read and write permissions to the whole web directory tree.

Other than the initial index .php, .cgi or some other files that need to be ready by the webserver process shouldn't every other file be 700 or 600 as every subsequent file access is done under the control of the cgi program?

Unless a file is to be served directly by the web server process and is not in a ScriptAlias directory or is not marked as a CGI shouldn't the permissions on that file be 600 or 700?

I'd also like to know if there are some guides as to how the CGI security issues operate.

View 2 Replies


ADVERTISEMENT

Plesk 12.x / Windows :: STOP Resetting File Permissions On DLL File?

Sep 17, 2014

How can we stop Plesk resetting the file permissions on a dll file that is found in

C:Program Files (x86)

??

Specifically,

we have a file, jmail.dll,

here

C:Program Files (x86)Dimacw3JMail

By default Plesk permissions are set to DENY for PSACLN.

But the JMail plugin cannot work with these permissions !

We change this to be ALLOW for READ & EXECUTE and DENY for WRITE.

And everything works fine.

But every time Plesk does an update it reverts it back !

This means that a number of our customers contact forms stop working !

View 12 Replies View Related

File Permissions With XP Pro And IIS

May 19, 2009

I need to run my PHP application locally on my XP Pro machine with IIS. Part of my application requires creating files, how do I set write permissions on folders like you can with windows server?

Is this possible with XP pro

View 3 Replies View Related

File Permissions

Dec 29, 2007

my question is relating to a "DJ Panel" that I am making. I am looking into various file permissions and was wondering if all PHP files that are part of the DJ Panel have file permissions of 0666 will that pose any kind of security threat (make life easier for hackers) or do you see any downside to doing this?

View 3 Replies View Related

FTP + File Permissions For Client

May 24, 2009

I have set up a ftp server for my clients to upload files.

I have setup 2 users, client and administrator.

When a client logs he uploads his files to a folder called upload_files.

But he cannot view files in that folder.

If I log in as administrator I can see all the files and folders.

But I can only delete files uploaded to the upload_files folder.

If the client uploads a folder with files into it, then I cannot delete it since the folder owner is client.

Ex:
/upload_files/image.jpg Can Delete
/upload_files/new_folder/image.jpg Can't Delete

View 6 Replies View Related

File Permissions In Windows

May 15, 2009

I'm transferring websites from Linux to Windows.

My scrips are writing uploaded photos to the server's hard disk drive. In Linux, I've set up right permissions to the folder: allow write files, php user as the owner of the folder.

After I've transferred everything to Windows Server 2008 server, I've removed "read only" atribute from folders and files, but PHP scripts still can't write new files or change old files.

I wonder what should I do to fix it? Set PHP user as the owner (as in Linux)? If yes, how can I do it?

View 23 Replies View Related

Php.ini And .htaccess File Permissions

Aug 17, 2008

I'm on a shared FreeBSD server, running Apache with Drupal, and vBulletin.

I had to create a local php.ini file in my public_html folder for Drupal, and another in my forum folder for vBulletin. Now my question is, what should I set the permissions of these files to? Also, what should I set .htaccess permissions to as well?

I'd like to keep them invisible to the public. But, I don't want any problems with Drupal, or vBulletin ether.

I'm used to using Linux and I know how permissions work on a desktop. I just don't know what they do when used on a server. I'm guessing 640, but I'd like to make sure before I change anything.

View 3 Replies View Related

PHP Permissions (file Owner)

Nov 24, 2008

I have setup an ftp user which can upload files to /home/ftp/upload and obviously it assigns the ftp user as the owner when it uploads. Now, I want PHP to be able to rename those files, but getting a permission denied, presumably because apache aint the owner or doesnt have permission to do that, so how do I grant it the right permission(s)?

View 2 Replies View Related

Folder - File Permissions

Oct 28, 2007

Server:
Centos 4.5/cPanel v11/php5 - SSH

Maybe someone can set me straight on this. I have always been under the impression, that under normal circumstances, permissions should usually be as follows:

userdir - 711
public_html - 750
folders - 755
files - 644

I am doing some work on a server and when I create a new folder (using WinSCP) it defaults the folder permissions to 775 and file permissions to 664. Besides causing possible problems with the applications I'm installing, isn't this a bit of a security risk?

Also, if I upload a tar and untar on the server it sets the same 775/664 permissions.

View 3 Replies View Related

Preserving File Permissions While Copying

Apr 23, 2008

a way to preserve folder/file permissions in a windows environment. We are copying files from one drive to another on one of our servers. It's crucial to preserve the permissions - but i've done some research and can't find any way to get this done...

Anybody familiar with any methods on how to approach this? We're running windows 2003 server.

View 2 Replies View Related

File Manager And WordPress Permissions

Nov 27, 2008

I just purchased my first hosting package in 10 years. Things have changed quite a bit and I'm unsure about some of the permissions settings. My new account is with Host Gator.

I could really use some help.

I'm going to use WordPress for the first time. I'd like to harden down my Linux server on Host Gator as much as possible. I'd also like to harden the WordPress permissions as much as possible.

I've read a fair amount about and have a little experience in setting read, write, and execute permissions plus some other security experience. My main concerns are to strike the balance between hardening down enough without making it so WordPress can't access whatever it needs to access.

I also have "Hot Linking" to consider. Not sure if that will make it difficult for WordPress to do it's thing.

Did I say that clearly enough?

View 7 Replies View Related

File Permissions On Shared Host

Jan 3, 2007

I recently opened a shared hosting account with a new host.

Can someone advise on file/folder permissions I can set which will keep my shared host neighbors out?

While accessing my account via FTP I noticed I could freely view and download files from other users folders - their PHP, HTML, images, you name it!

I would like to be more private with my files which include PHP scripts, images, etc.

I already contacted the help desk with my host and the tech said shared access between accounts is normal (even FTP) and if I restricted permissions then my PHP wouldn't work for Internet users.

I'm not buying it. I should be able to set the permissions such that Internet users can execute the PHP and view images, without my account neighbors using FTP to download my files.

View 13 Replies View Related

File Permissions On WIndows Server 2003

Apr 25, 2009

i am more a linux guy than windows, but recently i have to switch to windows.

In my FTP program I logged in one of my domains and tried to edit file permissions for a folder but in my windows filezilla server it game me 504 command not implemented for that parameter error message.

I read a little and learned that windows dos not support posix.

How can a change the file permissions on windows machine?

View 4 Replies View Related

How To Change Permissions Of A Read Only File System

Jun 21, 2008

I have a dedicated server and till few days back i was able to edit my files fine but this morning when i am trying to edit any file, it gives me back this error:

[user@domainname theme]$ chmod 777 header.php
chmod: changing permissions of `header.php': Read-only file system
[user@domainname theme]$

[root@domainname theme]$ chmod 777 directoryy
chmod: changing permissions of `directoryy': Read-only file system
[root@domainname theme]$

I tried both as normal user and root and same results. Do you think the hosting guys changed the permissions of the file system or something?

View 4 Replies View Related

Getting Errors Due To File Permissions. What Config Is Required

Aug 11, 2007

I have placed a Content Management System on an Apache server using Cpanel and when I try to install I get messages about folders and files needing permission changes, then after installation some modules won't work because of wrong permissions. The solution to make everything work is to set all folders and files to 0777 but then that would just open up to insecurity. Also I can't set files to 0444 using an FTP client. It can only be done via Cpanel's file manager.

I install the same CMS on another hosting service with the same Apache/Cpanel config and it does not require any CHMOD. The app installs without errors and functions correctly with folders at 0755 and files at 0644.

It seems most shared hosting nowadays work as the latter statement so what could be the cause why the other hosting server require all the permission changes?

View 4 Replies View Related

File And Directory Permissions Is Driving Me Crazy

Sep 9, 2007

Until recently i had never used a Linux server, as i used to have a windows server. I now have a Linux VPS

I am now at my wits end with file permission problems

I use Joomla a lot for my websites, and i also develop and program many modules and components for it, but at the moment every time i upload a module (which is a zip file with php files that is put onto the server in the right place via php) it sets the ownership to "nobody" rather than the username so i cant access it via ftp, as it says you don't have permission or the file may not exist.

Is there anyway the server can be set so it will by default set the file to have an owner name that will allow ftp access to it without me having to learn SSH Putty (which is all i have done today) or contacting my hosting company every time?

I am spending more of my time with these permission problems than doing my work, it driving me barmy!

View 4 Replies View Related

Plesk 11.x / Linux :: FTP And File Permissions Are Incorrect?

Jun 4, 2014

Whenever I setup a new FTP user in Plesk and then configure my FTP client with exactly the same username and password and transfer files and folders onto the server then the file permissions allocated are incorrect. Folders get allocated a permission of 700 and files a permission of 600, whereas I want all folders to have a permission of 755 and files a permission of 644. How can I change my setup so that files and folders get the permissions I want ?

View 1 Replies View Related

Plesk 11.x / Linux :: FTP - Wrong Folder And File Permissions

Nov 15, 2013

I have a problem where every folder I ftp onto the server gets given a 700 permission and every file gets a Zero permission. Most of the sites I am adding to this server will be WordPress sites and most of the folders I want to have a permission of 755 and for the files a permission of 644 so my question is how do I change the settings so that any new files ftp'd onto the server get the permission 755 and files get the permission of 644 ?

View 2 Replies View Related

Plesk 12.x / Linux :: Folder Permissions / Joomla Installer - Could Not Copy Setup File

Mar 17, 2015

Ok, new to Plesk, trying to move from ispconfig. So I have Plesk 12 running on Centos 6 64bit in a VPS. I figured out how to upgrade PHP and now I have installed my first website. The website is joomla based but I am getting the below error when installing components:

Warning
Copy failed.

JInstaller: :Install: Failed to copy file /var/www/vhosts/virtual-sim-racing.com/httpdocs/home/tmp/install_55081e65af5fe/pkg_kunena.xml to /var/www/vhosts/virtual-sim-racing.com/httpdocs/home/administrator/manifests/packages/pkg_kunena.xml

Package Install: Could not copy setup file.

This suggest to me a permissions issue - but what to do with it. I have checked all of the relevant Joomla folder permissions and they are all showing as writeable, so it looks like something outside of that?

I don't want to have to stick with ispconfig much longer ...

View 7 Replies View Related

Backup File Security

May 3, 2008

I currently do daily backups to rsyncpalace Daily, weekly, monthly. cPanel does a backup of all user accounts to a folder and they are rsync'd offsite via ssh.

My questions are: Should I be comfortable or concerned that all of my website(s)' data are neatly bundled, stored in plaintext (tar) formats and only protected by a single login and password?

Am I exposed to any more or less risk of tampering with my data than on my webserver itself?

View 6 Replies View Related

File Upload Security On XO - Built In

Jul 26, 2007

My website, a free classified ads site, is hosted by XO, the hosting company. I'm introducing a feature where advertisers can, for free, post pictures of the things that they're advertising -- that is, where advertisers can upload a JPEG or a GIF. I understand that this can open my site up to the uploading of malicious code, and that I should put safeguards in place to make sure that only JPEGs and GIFs get uploaded. However, I'm wondering if XO doesn't include some built-in safeguards that would keep malicious code from getting executed. In other words, since a profesional hosting company runs the servers -- not me -- do I need to be worried about security at all?

View 1 Replies View Related

Security Risk To Share Phpinfo File

Mar 10, 2007

There are always people who would like to know what the php settings are on the server. Is it a security risk to share the phpinfo.php file on a website, with anybody who visits that website, able to view it?

View 4 Replies View Related

Plesk 12.x / Linux :: Deny User Upload File Via File Manager Or Hidden File Tab?

Feb 10, 2015

I'm build Plesk Panel for Linux and Presence Builder, I don't want my user can upload their website to hosting via File Manager. How can I do it...

View 2 Replies View Related

Joomla Security / Linux Security

Apr 4, 2008

I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.

When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.

However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.

Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.

View 10 Replies View Related

1.com/file.php, 2.com/file.php Where File.php Is Hosted On Main.com/file.php

May 26, 2008

Say I have 2 websites and they all use file.php which is located on mainserver.com/file.php.

I want to use the file like this:
website1.com/file.php
website2.com/file.php

View 2 Replies View Related

Ffmpeg :: Cannot Open Shared Object File: No Such File Or Directory In Unknown On Line 0

Mar 6, 2008

Rapidly growing error logs showing the same message

$ug-non-zts-20020429/ffmpeg.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20020429//usr/local/lib/php/extensions/no-debug-non-zts-20020429/ffmpeg.so: cannot open shared object file: No such file or directory in Unknown on line 0

root@server [~]# ls /usr/local/lib/php/extensions/no-debug-non-zts-20020429
./ ../ eaccelerator.so*
root@server [~]# ls /usr/local/lib/php/extensions/no-debug-non-zts-20020429
./ ../ eaccelerator.so*

Using cpanel 11 / centos 4

View 1 Replies View Related

How Can I Show Hidden File In Cpanel File Management Tool

Jun 16, 2008

i have a server with centos,

i need to edit the hidden file .htaccess from the file management tool of cpanel,

but the hidden files not shown,

ow can i modify the setting and let the files shown in the file management tool of cpanel?

View 6 Replies View Related

FTP + Permissions

Jun 3, 2009

I'm trying to get FTP working on a FreeBSD 7.1 box running ProFTPd.

The service runs but the issue is that the users cannot write to their home dirs. The server returns a 550 error.

Previously ProFTPd ran as user and group of "www" but I changed it to "nobody", which did not change anything.

I'm sure the issue is that of the home dirs for the users being owned by the users themselves and the service account not having access to write in that directory.

I'm not sure what is best to do here. Do I lift permissions so everyone can write to the home dirs? or is there a better way?

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved