Two questions?
I am trying to tighten up my buggy web applications on e-smith. (various
flavours of Php-Nuke, different scripts and add-ons etc.)
Question 1 -
I am unable to change the permissions to user nobody without breaking some
of the functionality. I have elected to go with user www for
On Fri, 17 Aug 2001, Justin Funke wrote:
Question 1 -
I am unable to change the permissions to user nobody without breaking some
of the functionality. I have elected to go with user www for all these
potential security risks and the shared group. Any comments?
You don't say what
Justin Funke [EMAIL PROTECTED] said:
Question 1 -
I am unable to change the permissions to user nobody without breaking
some of the functionality. I have elected to go with user www for all
these potential security risks and the shared group. Any comments?
Really need more info on what
Question 1 -
I am unable to change the permissions to user nobody without breaking some
of the functionality. I have elected to go with user www for all these
potential security risks and the shared group. Any comments?
You don't say what permissions you want to change, so it's
On Fri, 17 Aug 2001, Justin Funke wrote:
However, user www is probably the worst choice you could make,
Nevermind, they started all at root/root - make that second worst.
Actually, that might be the best, rather than second worst, because that
means it is least likely to be modified
Really need more info on what security risks you're opening. My own
personal experience is sometimes security is counterproductive.
Darryl you working for Microsoft now? ;)
If it is a production 'need' and the risk is acknowledged, signed off on and
understood, implementing less
Justin Funke [EMAIL PROTECTED] said:
I don't need 100% lockdown but running everything as a root is not an
option I wish to entertain.
Yes, running any web server as root is simply irresponsible. E-smith's
way of www:www is a good implementation and you can either sudo specific
commands to
Actually, that might be the best, rather than second worst, because that
means it is least likely to be modified by a process controlled by an
attacker. Or at least, if that happens, your php app is not the worst of
your problems.
Ah yes - another good point. I was thinking of the php
I'd go with redbull vodka :p
- Original Message -
From: Justin Funke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 17, 2001 10:04 PM
Subject: [e-smith-devinfo] Request for Comments
Two questions?
I am trying to tighten up my buggy web applications on e-smith