Securing system folders?

Discussion in 'Security' started by Eli L, Aug 27, 2010.

  1. Eli L

    Eli L Well-Known Member

    What should the permissions of system folders and files be (etc, usr, var, ...)? If I use a PHP shell I can change dirs into the root of my server and browse system folders and files that were created with insecure permissions.

    Seems like a big security risk. How do I prevent this and what permissions should the folders and files be?
     
  2. GaryT

    GaryT Well-Known Member

    There are plenty of ways of doing this. I learnt through Google when I first started off, but I will explain below some changes you may want to think about.

    The below cmd will secure your TMP folder, and such.
    Make sure you also use “nosuid” and “noexec” in the /etc/fstab.

    Generally though, if you set the folders to, for example, 777, cPanel will warn you about this and 99% ask you to change them to 1777.
     
  3. rackaid

    rackaid Active Member

    A PHP shell script can browse any directories that the Apache or the PHP script user has permissions to access.

    To limit PHP access, consider tools like suPHP, safe mode and open base dir. In terms of limiting system files, there are only so many changes you can make and have your server work.

    Generally, you are better off spending your efforts keeping your web scripts updated than trying to harden paths on your server.
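
A check for the two points raised in the replies above ("nosuid" and "noexec" in /etc/fstab, and mode 1777 rather than 777), as an added example that is not part of any post in this thread. The function names and the sample fstab are constructed for illustration, and `stat -c` assumes a Linux (GNU or BusyBox) system.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the sample fstab
# are constructed for illustration. Assumes GNU/BusyBox `stat -c`.

# Print which of nosuid/noexec a mount point lacks in an fstab-format file;
# prints "unlisted" when the path has no entry of its own.
missing_mount_opts() {
    awk -v mp="$2" '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        $2 == mp {
            found = 1
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            out = ""
            if (!("nosuid" in have)) out = out "nosuid "
            if (!("noexec" in have)) out = out "noexec "
            sub(/ $/, "", out); print out; exit
        }
        END { if (!found) print "unlisted" }
    ' "$1"
}

# Classify a directory by mode: "insecure" = world-writable without the
# sticky bit (e.g. 777), "sticky" = world-writable with it (e.g. 1777).
dir_mode_status() {
    mode=$(stat -c '%a' "$1") || return 2
    m=$((0$mode))                           # parse the mode as octal
    if [ $((m & 2)) -eq 0 ]; then echo restricted
    elif [ $((m & 01000)) -ne 0 ]; then echo sticky
    else echo insecure
    fi
}

# Constructed sample input in /etc/fstab format.
sample_fstab() {
    cat <<'EOF'
# device   mountpoint  type   options                 dump pass
/dev/sda1  /           ext4   defaults                1 1
/dev/sda2  /tmp        ext4   defaults,nosuid         1 2
tmpfs      /dev/shm    tmpfs  defaults,nosuid,noexec  0 0
EOF
}

f=$(mktemp) && sample_fstab > "$f"
for mp in /tmp /dev/shm /var/tmp; do
    printf '%s missing: [%s]\n' "$mp" "$(missing_mount_opts "$f" "$mp")"
done
rm -f "$f"
```

On a live server the same functions can be pointed at /etc/fstab and at directories such as /tmp; an "unlisted" result means the path is not a separate mount, so mount options cannot be applied to it on its own.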
     