Ping a Specific Port

Question

ren

Asked: 2011-09-19 04:22:47 +0800 CST2011-09-19 04:22:47 +0800 CST 2011-09-19 04:22:47 +0800 CST

www-data user can read /etc/fstab

772

I'm pretty new at this. So I figured out that apache2 starts processes as www-data user. Suppose this user then starts untrusted code. What if I wanted to disallow this user to read any files (like /etc/fstab for example). How would I go about this? Ubuntu 11.04 by the way.

2 Answers

Voted

Alex Holst · Answer 1 · 2011-09-19T04:35:15+08:00

Alex Holst

2011-09-19T04:35:15+08:002011-09-19T04:35:15+08:00

Are there secrets in /etc/fstab you don't want users reading?

In general, you'd remove r access for others on the files, but fstab contain no secrets so you just likely to break things.

Specifically with Apache, you probably have the option to run it in a chroot, so it can't read outside of /var/www or where ever your httpd lives.

4

Hrvoje Špoljar · Answer 2 · 2011-09-19T04:36:50+08:00

Best Answer

Hrvoje Špoljar

2011-09-19T04:36:50+08:002011-09-19T04:36:50+08:00

You could deny by chmoding those files so that www-data user can't read them.

One of tricks you could use would be to change group of those files to www-data group and set mod so that group can't read the files.

$ chgrp www-data /etc/fstab
$ chmod g-rwx /etc/fstab

From php side you can use open_basedir which would in some cases prevent reading files outside path set as open_basedir

1

www-data user can read /etc/fstab

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?