Securing system folders?

Discussion in 'Security' started by Eli L, Aug 27, 2010.

  1. Eli L

    Eli L Well-Known Member

    What should the permissions of system folders and files be (etc, usr, var...)? If I use a PHP shell I can change dirs into the root of my server and browse system folders and files that were created with insecure permissions.

    Seems like a big security risk. How do I prevent this and what permissions should the folders and files be?
     
  2. GaryT

    GaryT Well-Known Member

    There are plenty of ways of doing this. I learnt through Google when I first started off, but I will explain below some changes you may want to think about.

    The below cmd will secure your TMP folder, and such
    Make sure you also use "nosuid" and "noexec" in the /etc/fstab

    Generally though, if you set the folders to, for example, 777, cPanel will warn you about this and 99% ask you to change them to 1777
     
  3. rackaid

    rackaid Active Member

    A PHP shell script can browse any directories that the Apache or the PHP script user has permissions to access.

    To limit PHP access, consider tools like suPHP, safe mode and open base dir. In terms of limiting system files, there are only so many changes you can make and have your server work.

    Generally, you are better off spending your efforts keeping your web scripts updated than trying to harden paths on your server.
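
Added example, not part of any post in this thread: a small audit for the two settings mentioned above, temp mount points missing "noexec"/"nosuid" in an fstab-format file and world-writable directories set to 777 instead of 1777. The function names, the sample fstab and the test directories are constructed for illustration.

```shell
#!/bin/bash
# Added example; function names and sample data are hypothetical.

# Print every listed mount point whose fstab options lack noexec or nosuid.
# $1 = path to an fstab-format file; remaining args = mount points to check.
missing_tmp_flags() {
    local fstab=$1; shift
    local mp
    for mp in "$@"; do
        awk -v mp="$mp" '
            $1 !~ /^#/ && $2 == mp {
                opts = "," $4 ","
                miss = ""
                if (opts !~ /,noexec,/) miss = miss " noexec"
                if (opts !~ /,nosuid,/) miss = miss " nosuid"
                if (miss != "") print mp ":" miss
            }' "$fstab"
    done
}

# List world-writable directories under $1 that lack the sticky bit
# (mode 777 rather than 1777), without crossing filesystem boundaries.
unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Constructed sample fstab for the demo (not a real server's file).
sample_fstab() {
    cat <<'EOF'
# device        mountpoint  type  options                 dump pass
/dev/sda1       /           ext3  defaults                1 1
/dev/sda3       /tmp        ext3  defaults,nosuid         1 2
/dev/sda5       /var/tmp    ext3  defaults,noexec,nosuid  1 2
tmpfs           /dev/shm    tmpfs defaults,noexec,nosuid  0 0
EOF
}

# Run both checks against constructed data in a scratch directory.
demo() {
    local work; work=$(mktemp -d) || return 1
    sample_fstab > "$work/fstab"
    mkdir -p "$work/root/open" "$work/root/shared" "$work/root/private"
    chmod 0777 "$work/root/open"; chmod 1777 "$work/root/shared"; chmod 0755 "$work/root/private"
    missing_tmp_flags "$work/fstab" /tmp /var/tmp /dev/shm
    unsticky_world_writable "$work/root" | sed "s|^$work/root||"
    rm -rf "$work"
}
demo
```

On a live server the same functions can be pointed at /etc/fstab and at a real directory tree; the fstab check reads configured options only, so compare with the output of `mount` for what is actually in effect.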
     