Old July 23rd, 2004, 1:39 AM   #1 (permalink)
Safety of file content...

A customer asked about the status of my server concerning PHP and Apache. He asked if I had anything set up to prevent other users on the server from viewing the content of his files. Important files that contain login information, such as config.php, are pretty vulnerable to this. Is there anything that we can do to stop this from happening? I do have links that I can show, but I don't want to create a widespread issue on Surpass by teaching people who may not know about this how to do it.

He made reference to suexec and suphp, I believe. I'm curious as to what you guys think? Is there some kind of fix out already? If it's alright with mods, I can post a link to what he created for me to show what he was talking about.

Thanks in advance
__________________
-( NokiaX )-


http://www.eclipse-business.com
Saprus
Dedicated

This made me "LoL"
"Unleashedgamers (5:39:21 AM): where you a script kiddie?"

nokiaxv2 is offline  
Old July 23rd, 2004, 9:50 AM   #2 (permalink)
Maybe WHM > Tweak Security > php open_basedir Protection is the answer.
siweb is offline  
Old July 23rd, 2004, 12:21 PM   #3 (permalink)
Access to each user's files is protected to a reasonable extent via user/pass setup. You can refer to the cPanel docs for how it's set up through them, I guess.
__________________
Orbic1
www.orbicular.co.uk

orbic1 is offline  
Old July 23rd, 2004, 7:49 PM   #4 (permalink)
Quote:
Originally Posted by siweb
Maybe WHM > Tweak Security > php open_basedir Protection is the answer.
Quote:
"Remember that this security tweak will stop users from being able to access common libraries and programs installed on your server (like NetPBM, ImageMagick, etc. if they are installed). They will need to install compiled binaries in their home directories and CHMOD the files to 755."
Wouldn't this cause issues with Scripta packages and addons? And also, this isn't just a php script issue. A user can write instructions to cat the contents of /home/user/config.php for example. The user would be some other user on the server. Would this stop them from having access to tools like cat?

I'm really concerned about this. He used two separate accounts (on the same server) and made account b cat the contents of somefile.php located in account a's user directory.

Anyone know anything about this phpsuexec and/or suexec that he's referring me to?

nokiaxv2 is offline  
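
The exposure described in this post can be checked for from the server side. The following is an added example, not code from any poster in the thread: a shell audit that reports config files another local account could read, meaning world-readable files below directories that all carry the "other" search bit. The `config*.php` pattern, the function names and the three-account demo tree are constructed assumptions.

```sh
#!/bin/sh
# Added example: flag config files another local account could read.
# The name pattern and the demo tree are constructed assumptions.

# other_can_reach DIR ROOT: true if every directory from DIR up to ROOT
# has the "other" search (x) bit, so a different account can traverse it.
other_can_reach() {
    dir=$1; top=$2
    while :; do
        # -prune stops descent; the path prints only if o+x is set
        [ -n "$(find "$dir" -prune -perm -001 -print)" ] || return 1
        [ "$dir" = "$top" ] && return 0
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# audit_exposed ROOT: print "EXPOSED <path>" for each config*.php under ROOT
# that is world-readable (o+r) and reachable through o+x directories.
audit_exposed() {
    root=${1%/}
    find "$root" -type f -name 'config*.php' -perm -004 -print |
    while IFS= read -r f; do
        if other_can_reach "$(dirname "$f")" "$root"; then
            echo "EXPOSED $f"
        fi
    done
}

# make_demo_tree: build three constructed accounts and print the tree root.
make_demo_tree() {
    t=$(mktemp -d) && chmod 755 "$t"
    mkdir -p "$t/alice/public_html" "$t/bob/public_html" "$t/carol/public_html"
    for u in alice bob carol; do
        echo '<?php $db_pass = "example"; ?>' > "$t/$u/public_html/config.php"
    done
    chmod 755 "$t/alice" "$t/alice/public_html"   # typical mod_php layout
    chmod 644 "$t/alice/public_html/config.php"   # readable by every account
    chmod 711 "$t/bob" "$t/bob/public_html"
    chmod 600 "$t/bob/public_html/config.php"     # owner-only file
    chmod 755 "$t/carol"
    chmod 750 "$t/carol/public_html"              # directory blocks "other"
    chmod 644 "$t/carol/public_html/config.php"
    echo "$t"
}

demo=$(make_demo_tree)
audit_exposed "$demo"    # only alice's config.php is reported
rm -rf "$demo"
```

On a real server, point `audit_exposed` at the directory holding the account homes. A file can only be tightened to mode 600, as in the `bob` account, when PHP runs as the account owner, which is what the suexec/phpsuexec setup asked about in the thread provides.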
Old July 23rd, 2004, 10:41 PM   #5 (permalink)
What software is it? Stuff like the Squirrelmail Data dir - just change its access to Octal (CHMOD) 733 and it's fine. Sorry, don't know that much about the software, but Google will hold your answer, I'm sure.

orbic1 is offline  
Old July 23rd, 2004, 10:42 PM   #6 (permalink)
http://www.cablan.net/cablan/What_is...ec_.449.0.html

There you go. A link that explains all.

orbic1 is offline  
Old July 23rd, 2004, 10:57 PM   #7 (permalink)
Quote:
Originally Posted by orbic1
http://www.cablan.net/cablan/What_is...ec_.449.0.html

There you go. A link that explains all.

Thanks

nokiaxv2 is offline  
Old July 24th, 2004, 1:34 AM   #8 (permalink)
Quote:
Originally Posted by orbic1
http://www.cablan.net/cablan/What_is...ec_.449.0.html

There you go. A link that explains all.
It tells me that there is a huge hole and it can be fixed, but is it fixed on our servers? Or is the fix more trouble than it's worth? Sun-burned minds want to know.
__________________
Bronze Reseller
Pass36
bassdaddy777 is offline  
Old July 24th, 2004, 1:43 AM   #9 (permalink)
I was reading the guide for WHM for dedicated users and I saw it mention suexec a few times. I didn't see where it said to activate it. I guess we have to manually install it ourselves.

Once I'm done with the manual I plan to set up my packages on my dedicated for WHM.Autopilot, then proceed to check into using suexec/phpsuexec.

If you find anything else about it before I'm done, let us know.

nokiaxv2 is offline  