Chmod 777 - Dev Shed

Apache Development

Dev Shed Forums Sponsor:

You don't need a fax machine to get faxes. Get a fax-to-email fax number from CallWave. Try it free.

September 19th, 2000, 03:44 AM

null

All round clown

Join Date: Sep 2000

Posts: 21

Time spent in forums: < 1 sec
Reputation Power: 0

This isn't really an Apache sepcific question, but I was wondering about the following :

If you run a script on a server, which writes to a text file, and you have to chmod 777 the directory, is that a security hazard. This particular sever is Apache. Could someone write commands to the text file and execute it ??

September 19th, 2000, 04:08 AM

freebsd

Guest

Posts: n/a
Time spent in forums:
Reputation Power:

>>Could someone write commands to the text file and execute it ??

If apache isn't run as suEXEC, then everyone on the same server can always rwx to your file even if you htpasswd protecting your files given you yourself have permission for such file.

September 19th, 2000, 05:09 AM

null

All round clown

Join Date: Sep 2000

Posts: 21

Time spent in forums: < 1 sec
Reputation Power: 0

<BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by freebsd:
>>Could someone write commands to the text file and execute it ??

If apache isn't run as suEXEC, then everyone on the same server can always rwx to your file even if you htpasswd protecting your files given you yourself have permission for such file.[/quote]

Thanks for the reply. I'm not really worried about other users of the server who have legit access, just people outside the "Network". I am looking to swap it over to a database quite soon, as the text file which store the "news" will grow far too large.

Thanks again.

September 19th, 2000, 05:14 AM

freebsd

Guest

Posts: n/a
Time spent in forums:
Reputation Power:

>>just people outside the "Network"

Then don't worry about it.

Viewing: Dev Shed Forums > System Administration > Apache Development > Chmod 777

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump

Free IT White Papers!

Accelerating Trading Partner Performance
One in five. That's how many partner transactions have at least one error. That is an amazing statistic, particularly given the extraordinary leaps in innovation across the global supply chain during the past two decades. Download this white paper to learn more.

Competing on Analytics
This Tech Analysis is designed to help identify characteristics shared by analytics competitors, and includes information about 32 organizations that have made a commitment to quantitative, fact-based analysis.

Cost Effective Scaling with Virtualization and Coyote Point Systems
An overview of the industry trend toward virtualization, how server consolidation has increased the importance of application uptime and the steps being taken to integrate load balancing technology with virtualized servers.

Five Checkpoints to Implementing IP Telephony
Implementation planning for IP PBX software and IP telephony has become vital as businesses replace discontinued legacy PBX phone systems. This informative whitepaper outlines five "checkpoints" for any implementation plan that will help make IP communications a successful proposition.

Hosted Email Security: Staying Ahead of New Threats
In the last two years, email has become a fierce battleground between the nefarious forces of spam and malware, and the heroes of messaging protection. The spam volumes increased alarmingly every month, bringing clever new forms of phishing and virus propagation attacks.

More Free IT White Papers!