I have been reading about Security of Design. I noticed a tip about using the lowest permission level. So I ran the above code on my junk files. Unfortunately, the junk folder seemed to contain some server files. A few sites became forbidden. The folder contained stuff such as "Mail", "dev" and "Public". The reason for junking them was that they are empty.

The files are located on a server of a CS dept. There is no special CMS or anything like that. Before running 'chmod 644 some_files', I am prompted to ask your opinion.

Why did the sites become forbidden? What are the lowest permission levels?

A: 

Most likely the owner of the folders that are forbidden is different from the owner of the ones that are available. The user that runs the file or its group must have read (and sometimes executable) permissions on the files/folder. Since you removed the read, write and executable privileges on the group and the world, no one but the owner of the files will be able to run them.

TLDR: Wrong owner of file/folder. chown to correct user.

olle
+1  A: 

The web server usually runs as a different userid from "real" users. So you make it so that a "real" user's files aren't readable by anybody else, and the web server can't read them. That's why 744 is a better permission set for files the web server needs to see.

Paul Tomblin
+4  A: 

Lowest possible permission level is of course 000. But that wouldn't make much sense.

  • 600 rw------- for private files
  • 700 rwx------ for private directories
  • 711 rwx--x--x for directories with public files, but without permission to list dir
  • 644 rw-r--r-- for publicly readable files
  • 755 rwxr-xr-x for publicly readable dirs
vartec
1+ for the great table
Masi
+1. Bookmarked as a great reference!
James Skidmore
A: 

Your problem: your user account does not have execute permissions for the rest of the world.

Solution: You need to put the permissions 701 for your user folder. You can also set them to 711. It is the folder which contains your public_html etc.

Then, check that your public_html has the permissions 755. Similarly, the contents should also be 755 in public_html.

Masi
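
The answers above come down to one check: every directory on the path needs the execute bit for "other" and the file itself needs the read bit for "other", otherwise a web server running under its own userid gets a 403. The script below is an added example, not code from the thread; the function names `has_other_bits` and `world_path_check` are made up for illustration, and it inspects mode bits only (no ACLs, no group membership).

```shell
#!/bin/sh
# Added example, not from the original thread. Finds the first path component
# that blocks a process which is neither the owner nor in the file's group.

# has_other_bits PATH OCTAL: succeeds if every bit in OCTAL is set on PATH.
# POSIX find is used so no GNU- or BSD-specific stat flags are needed.
has_other_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# world_path_check BASE RELPATH
# Checks BASE (e.g. the user folder), then each component of RELPATH below it.
# Directories need o+x (001) to be traversed; the final file needs o+r (004).
# Prints the first blocking component and returns 1, or prints "ok".
world_path_check() {
    base=$1
    rel=$2
    cur=$base
    if ! has_other_bits "$cur" 001; then
        echo "blocked: $cur lacks o+x"
        return 1
    fi
    old_ifs=$IFS
    IFS=/
    set -f              # no globbing while splitting RELPATH on "/"
    set -- $rel
    set +f
    IFS=$old_ifs
    for part in "$@"; do
        cur=$cur/$part
        if [ ! -e "$cur" ]; then
            echo "missing: $cur"
            return 1
        elif [ -d "$cur" ]; then
            has_other_bits "$cur" 001 || { echo "blocked: $cur lacks o+x"; return 1; }
        else
            has_other_bits "$cur" 004 || { echo "blocked: $cur lacks o+r"; return 1; }
        fi
    done
    echo "ok"
}
```

Typical use is `world_path_check "$HOME" public_html/index.html`, run as the owner of the files. A directory at 711 passes the check while still refusing listings, which matches the table above.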