Permission Discussion

Permission Discussion

Post by Mike » Wed, 24 Jul 2002 21:56:26



I'd just like to confirm a few things. I'm a little worried that I may be
doing something unsafe...

Here's what I'm planning to do:

In my cgi-bin:

Make all my cgi-scripts 755
Make my password data files 644
Make lots of data files 777
Make some directories in my cgi-bin 775 (data files get written in these)

Elsewhere:

Make one directory elsewhere in my webspace 775 (html pages get
automatically produced here by the cgi script)

What are your thoughts on this?
Am I leaving anything vulnerable?
What can I potentially be allowing unauthorised people (i.e. anyone but
myself) to do?

I'm setting permissions in this way as that is what the site I bought the
script from recommends.

Also, what is the 'default' permission of  file? i.e. if I upload a file,
what will it's permissions be set to by default?

Thanks for your input, I'm relying upon it.

Mike

 
 
 

Permission Discussion

Post by Ali-Reza Anghai » Wed, 24 Jul 2002 22:26:32



> Make all my cgi-scripts 755
> Make my password data files 644
> Make lots of data files 777
> Make some directories in my cgi-bin 775 (data files get written in these)

Umm.. I won't comment other than to say there is ~no~ reason to have
world-writeable files in your CGI-BIN. Heck no. No way. Nuh-uh.

You're CGI is being run as a user.. http, web, cgi, whatever you've
configured. And they belong to a group. Use user/group and avoid world. And
I hope your CGI is somewhat audited so that in-and-of-itself doesn't become
a big liability.

Good luck, -Ali

--
OpenPGP Key: 030E44E6
--
Hold it right there, buddy. That scruffy beard... those suspenders..
that smug expression... You're one of those condescending UNIX
computer users! -- 'Computer Holy Wars', Dilbert

 
 
 

1. Permission Discussion

I'd just like to confirm a few things. I'm a little worried that I may be
doing something unsafe...

Here's what I'm planning to do:

In my cgi-bin:

Make all my cgi-scripts 755
Make my password data files 644
Make lots of data files 777
Make some directories in my cgi-bin 775 (data files get written in these)

Elsewhere:

Make one directory elsewhere in my webspace 775 (html pages get
automatically produced here by the cgi script)

What are your thoughts on this?
Am I leaving anything vulnerable?
What can I potentially be allowing unauthorised people (i.e. anyone but
myself) to do?

I'm setting permissions in this way as that is what the site I bought the
script from recommends.

Also, what is the 'default' permission of  file? i.e. if I upload a file,
what will it's permissions be set to by default?

Thanks for your input, I'm relying upon it.

Mike

2. Newbie Boot problem

3. Permission Woes - can't add write permission

4. 64-bit AMD Red Hat Enterprise 3 crash with Quantum SDLT 600 autoloader

5. Is it possible to have execute permissions without read permissions?

6. . sed URLs

7. How to reset permissions on file with no read permissions

8. Apache 1.1 - Need "extra" info for a redirection

9. Do group permissions always override permissions for other (both more and less restrictive)?

10. file permissions/permission execution

11. Welcome to NetBSD discussion forums, message boards

12. Message list font in Netscape Mail&Discussion

13. securing shell accounts discussion