The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

file protection

Discussion in 'General Discussion' started by jlreed1, Oct 25, 2003.

  1. jlreed1

    jlreed1 Registered

    Joined:
    Oct 12, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    The webroot protection is successfully preventing users from using a cgi interface to read files in public_html, but world readable files stored in other directories under /home/user are still accessible.

    PHP can be controlled via safe_mode and/or open_basedir, but it's a fairly straightforward task to whip up a PERL script to find what you're looking for (particularly if you know the filename).

    A simple fix is to apply the same ownership and permissions to /home/user that the webroot protection applies to /home/user/public_html. Can anybody comment on the ramifications... e.g. what will break when I do this?

    Thanks.
     
  2. jlreed1

    jlreed1 Registered

    Joined:
    Oct 12, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    For anyone that's interested, you can be sure that it at least breaks smtp_auth.
     
Loading...

Share This Page