SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Thread: nobody !

  1. #1
    SitePoint Member
    Join Date
    Feb 2005
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    nobody !

    I'm running Redhat linux server with cPanel..
    when a user uses a php upload script...the "owner" and "group" of the uploaded file will be "nobody" or "apached".. so the file will have the permissions of nobody..
    and this is a security risk..because if hacker uploaded a php shell or any tool he will have more access in the server

    how can I make any uploaded file to be the same owner and group of the script's/site owner..to limit his access even if he uploaded a phpshell

    I saw that in some servers..and some friends told me it depends on control panel type..

    any help or tips??


    thanks

  2. #2
    SitePoint Zealot Scott.Mc's Avatar
    Join Date
    Jul 2004
    Location
    Scotland
    Posts
    158
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    tr1x read the man page on chown

    ie

    chown account:account filename
    Linux Server Management - AdminGeekZ.com
    Is your website Sluggish? Unavailable? Insecure?

    Why not call us? +44 0141 2800134

  3. #3
    Prolific Blogger silver trophy Technosailor's Avatar
    Join Date
    Jun 2001
    Location
    Before These Crowded Streets
    Posts
    9,446
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Tr1x, he won't have any more privlileged use than a normal would. Now it's a pain in the butt for FTP, but it doesn't constitute a serious risk.

    Aaron
    Aaron Brazell
    Technosailor



  4. #4
    SitePoint Member
    Join Date
    Feb 2005
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    have found the solution:
    http://www.php.net/manual/en/security.apache.php

    thanks anyway guys..


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •