
REPOST: Cpanel /home permission hardening

Posted by doc_flabby, 03-26-2009, 11:49 AM
Since this got lost (Google cache of the thread discussion so far: http://209.85.229.132/search?q=cache...ient=firefox-a), I'm reposting because I think it was an interesting discussion.

I'm setting up a cPanel server for the first time. I was wondering if I could harden the default cPanel permissions for the user folders in /home. The idea is to prevent users viewing each other's files. Please don't suggest the PHP open_basedir option, as it's not secure and doesn't work with CGI-based file browsers. Note I'm using suexec/suphp.

Currently, new cPanel users' folders are created with group and user ownership and the permissions 755. I was thinking, if I changed this to 711, would this break anything? Could I lock this down even more by changing the group ownership to "nobody" and thus have permissions 710?

Posted by vapetrov, 03-26-2009, 03:23 PM
By 710 you'll disable all users' access to their homedirs. ssh, ftp, webmail, etc. will not work.

Posted by Zoni, 03-26-2009, 07:28 PM
I don't know cPanel's workings that well, but what I do know about Linux file permissions is this: 710 doesn't drop users' access as long as it is still chown'ed by the user (not group). If it is, say, user=www and group=nobody (where www is a user that you have for the main website, whatever; and nobody is Apache's group) and chmod=710, it should work (I believe). For that matter, if you're using suphp (which I don't have much experience with), couldn't you chmod it so that ONLY the user has access?

Posted by andren, 03-27-2009, 12:05 AM
I responded the last time - Google needs to catch up. 711 for dirs immediately under /home, 755 for public_html and below works for me.
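
The modes discussed in this thread (755, 711 and 710 on directories directly under /home) differ in what the "other" permission bits allow: read permits listing file names, execute alone permits only traversal to a path that is already known. The script below is an added example, not part of the original thread; its function names are hypothetical and it assumes GNU `stat` on Linux.

```shell
#!/bin/sh
# Added example: audit the mode of each directory directly under a home base.
# Assumes GNU stat (Linux). Function names are hypothetical.

# classify_mode MODE -> listable | traverse-only | closed
# Looks only at the last octal digit, i.e. the "other" bits.
classify_mode() {
    case "${1#"${1%?}"}" in
        4|5|6|7) echo "listable" ;;       # o+r: other users can list file names
        1|3)     echo "traverse-only" ;;  # o+x without o+r: no listing, known paths reachable
        *)       echo "closed" ;;         # no o+x: users outside owner/group cannot enter
    esac
}

# audit_home_perms [BASE] -> one line per directory:
#   "<class> <mode> <owner>:<group> <path>"
audit_home_perms() {
    ahp_base=${1:-/home}
    for ahp_dir in "$ahp_base"/*/; do
        [ -d "$ahp_dir" ] || continue      # unmatched glob or non-directory
        ahp_dir=${ahp_dir%/}
        [ -L "$ahp_dir" ] && continue      # skip symlinked entries
        ahp_mode=$(stat -c '%a' "$ahp_dir")
        ahp_own=$(stat -c '%U:%G' "$ahp_dir")
        echo "$(classify_mode "$ahp_mode") $ahp_mode $ahp_own $ahp_dir"
    done
}

# count_listable [BASE] -> number of home directories other users can list
count_listable() {
    audit_home_perms "$1" | grep -c '^listable ' || true
}

# Usage: audit_home_perms /home
```

Run `audit_home_perms /home` before and after a permission change to see which home directories remain listable by other accounts.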


