Re: Apache permissions stabs new Linux user in face with icepick. Suggestions?

On Wed, Mar 9, 2016 at 6:17 PM, Francis Roy <lists@xxxxxxxxxxxxxxxxxxxx> wrote:
> On 16-03-09 08:44 PM, Eric Covener wrote:
>> If you want to serve out of your home directory, it needs to be
>> executable by "other".
>
> Thank you, Eric and Kurtis, both. That was the problem.
>
> I did the following:
>    sudo chmod 755 /home/username
>
> If I may, a follow-up question: does this create a potential security vulnerability on my machine that I should find measures of protecting?

Probably not, but it's not the sort of question anyone can answer without spending a few days reviewing your situation. The reason most UNIX distros create the home directory for a user with mode 750 (no public access) is to make it impossible for other accounts on the machine, which aren't a member of your primary group, to guess whether a file is present by exploiting the search capability. In other words, if you've done "chmod 751" then even if I'm not a member of the group that owns your home directory I can execute "ls /media/username/$filename" commands (or equivalent) to probe whether $filename exists. It's a potential information leak that could theoretically be used to launch an attack. Whether that's a concern for you depends on a lot of factors.

--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
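
The directory modes discussed in this thread (750, 751, 755) differ only in what the "other" class may do, and that can be audited for every directory on the way to a served path. The script below is an added example, not part of any message in the thread; it assumes GNU `stat` and `find`, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: report what the "other" class may do in each directory on the
# way to a served path. Reads mode bits only; it changes nothing.

# Print the access "other" has to directory $1, from its octal mode.
other_dir_access() {
    mode=$(stat -c '%a' -- "$1") || return 1   # GNU stat, e.g. 751
    other=${mode#"${mode%?}"}                  # last octal digit = "other" bits
    case "$other" in
        0|2) echo "none" ;;         # 750: cannot enter, names cannot be probed
        1|3) echo "search-only" ;;  # 751: x without r, known names can be probed
        4|6) echo "list-only" ;;    # r without x: names visible, entries unusable
        5|7) echo "list+search" ;;  # 755: names are listed and can be traversed
    esac
}

# Walk from $1 up to / and print "<access> <mode> <dir>" for each directory.
audit_path() {
    dir=$(cd -- "$1" && pwd -P) || return 1
    while :; do
        printf '%s %s %s\n' "$(other_dir_access "$dir")" \
            "$(stat -c '%a' -- "$dir")" "$dir"
        [ "$dir" = "/" ] && break
        dir=$(dirname -- "$dir")
    done
}

# List entries directly inside $1 that "other" can read (files) or enter (dirs).
other_reachable_entries() {
    find "$1" -mindepth 1 -maxdepth 1 \
        \( -type f -perm -004 -o -type d -perm -001 \) -print | sort
}

# Usage: sh audit.sh /home/username/public_html
if [ $# -gt 0 ]; then
    audit_path "$1"
fi
```

Running `other_reachable_entries` on the home directory after a `chmod 755` shows which top-level files and directories still rely on the parent's mode for protection and need their own permissions tightened.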
