Ping a Specific Port

Question

Viktor Joras

Asked: 2016-02-16 23:26:33 +0800 CST2016-02-16 23:26:33 +0800 CST 2016-02-16 23:26:33 +0800 CST

Prevent apache user from viewing server root directory

772

This is not a question related to Indexes or folder browsing. It is about permissions.

If I execute:

if ($handle = opendir('/')) {

    while (false !== ($entry = readdir($handle))) {

        if ($entry != "." && $entry != "..") {

            echo "$entry\n";
        }
    }

    closedir($handle);
}

I can see /etc, /proc, /dev, /home, /root, /usr, /lib/, /bin, /sbin directories. This means that if a website is hacked, the hacker can see all my tree files from root on.

How can I limit the apache user to be able to see only the apache root document directory, for example /var/www/ and all the files inside it but not the /var/www parent directory?

1 Answers

Voted

Thang Pham · Answer 1 · 2016-02-16T23:31:53+08:00

Thang Pham

2016-02-16T23:31:53+08:002016-02-16T23:31:53+08:00

You have to setup chroot environment for apache. There's a good tutorial here: http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap29sec254.html

1

Prevent apache user from viewing server root directory

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?