RE: permission

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I think that permissions could be made more restrictive. For example, if
the files are installed owned by the user 'apache' (and the HTTP server
runs webmail under that user), there is no need to allow access by other
users and groups (such as r-x in 'group' and 'other' permission fields).
Also, there is no need to have 'w' right on the directories itself
(unless webmail will create files in them during its execution, most
probably, it will not) and the files which will not be modified during
the webmail execution (such as documentation, images, or executable
scripts).
Anyway, the permissions you already have will not interfere with the
webmail execution, and you can leave them unmodified. However, removing
unneeded permissions will give additional security.

Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com.

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of Mike Burger
> Sent: Thursday, July 28, 2005 3:44 PM
> To: Mad Unix; General Red Hat Linux discussion list
> Subject: Re: permission
> 
> If you'd installed Squirrelmail from the available RPMs (available
from
> Red Hat and/or Fedora), it would have installed in
> /usr/share/squirrelmail, and would have added a file into
> /etc/httpd/conf.d which would have loaded an Alias to point "webmail"
at
> the squirrelmail directory.
> 
> That having been said, the directory permissions are correct, and if I
had
> installed from tarball, I probably would have put it in
/var/www/webmail
> or /var/www/html/webmail, as you did.
> 
> On Thu, 28 Jul 2005, Mad Unix wrote:
> 
> > I am running webmail on my server under the directory
> /var/www/html/webmail
> > i have put the complete directory under the owner permission of
apache
> > (httpd running as apache) is that correct and what about the
> > permission as rwx for the complete directory... can any one point me
> > pls?
> >
> > /var/www/html
> > [root@mail html]# cd webmail/
> > [root@mail webmail]# ls -al
> > total 204
> > drwxr-xr-x   18 apache   apache       4096 Jul 26 13:32 .
> > drwxr-xr-x    6 root     root         4096 Jul 28 08:29 ..
> > -rw-r--r--    1 apache   apache       7987 Jun  7 18:41 AUTHORS
> > -rw-r--r--    1 apache   apache      68794 Jul 20 13:07 ChangeLog
> > drwxr-xr-x    7 apache   apache       4096 Jul 22 20:20 class
> > drwxr-xr-x    2 apache   apache       4096 Jul 26 13:14 config
> > -rwxr-xr-x    1 apache   apache         92 Dec 26  2001 configure
> > drwxr-xr-x    3 apache   apache       4096 Jul 22 20:20 contrib
> > -rw-r--r--    1 apache   apache      15228 Jun 16 03:22 COPYING
> > drwxr-xr-x    2 apache   apache       4096 Jul 27 13:58 data
> > drwxr-xr-x    4 apache   apache       4096 Jul 22 20:20 doc
> > drwxr-xr-x    5 apache   apache       4096 Jul 22 20:20 functions
> > drwxr-xr-x   29 apache   apache       4096 Jul 26 13:34 help
> > drwxr-xr-x    3 apache   apache       4096 Jul 26 13:34 images
> > drwxr-xr-x    4 apache   apache       4096 Jul 27 08:03 include
> > -rw-r--r--    1 apache   apache        660 Feb 11 22:51 index.php
> > -rw-r--r--    1 apache   apache       9296 Jun  4 18:54 INSTALL
> > drwxr-xr-x   50 apache   apache       4096 Jul 26 13:34 locale
> > drwxr-xr-x   24 apache   apache       4096 Jul 27 14:13 plugins
> > drwxr-xr-x    2 apache   apache       4096 Jul 22 20:23 po
> > -rw-r--r--    1 apache   apache       2637 Jun 27  2004 README
> > -rw-r--r--    1 apache   apache       2144 Feb  2  2004 ReleaseNotes
> > drwxr-xr-x    9 apache   apache       4096 Jul 22 20:28
> squirrelmail.locales
> > drwxr-xr-x    2 apache   apache       4096 Jul 22 20:23 src
> > drwxr-xr-x    3 apache   apache       4096 Jul 22 20:23 templates
> > drwxr-xr-x    3 apache   apache       4096 Jul 22 20:23 themes
> > -rw-r--r--    1 apache   apache       4782 May 30 13:03 UPGRADE
> >
> > --
> > redhat-list mailing list
> > unsubscribe
mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> 
> --
> Mike Burger
> http://www.bubbanfriends.org
> 
> Visit the Dog Pound II BBS
> telnet://dogpound2.citadel.org or http://dogpound2.citadel.org
> 
> To be notified of updates to the web site, visit
> http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a
> message to:
> 
> site-update-request@xxxxxxxxxxxxxxxxx
> 
> with a message of:
> 
> subscribe
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux