What should the permissions of system folders and files be (etc, usr, var...)? If I use a PHP shell, I can change dirs into the root of my server and browse system folders and files that were created with insecure permissions.

Seems like a big security risk. How do I prevent this and what permissions should the folders and files be?


There are plenty of ways of doing this. I learnt through Google when I first started off, but I will explain below some changes you may want to think about.

The below command will secure your TMP folder and such:
/scripts/securetmp --auto
Make sure you also use "nosuid" and "noexec" in /etc/fstab.

Generally though, if you set the folders to, for example, 777, cPanel will warn you about this and 99% of the time ask you to change them to 1777.
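
An added example, not part of the original post: a shell sketch that audits the two settings the reply mentions, the nosuid/noexec mount options in an fstab file and world-writable directories that are 777 rather than 1777. The function names and the `--run` switch are hypothetical, and the fstab is assumed to use the standard whitespace-separated layout with options in the fourth field.

```shell
#!/bin/sh
# Added example: function names and the --run switch are hypothetical.

# missing_mount_opts FSTAB MOUNTPOINT
# Prints which of nosuid/noexec are missing from MOUNTPOINT's entry in FSTAB,
# an empty line when both are set, or "absent" when there is no such entry.
missing_mount_opts() {
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
        $2 == mp {
            found = 1
            n = split($4, o, ",")             # 4th field: mount options
            for (i = 1; i <= n; i++) has[o[i]] = 1
            out = ""
            if (!("nosuid" in has)) out = out "nosuid "
            if (!("noexec" in has)) out = out "noexec "
            sub(/ $/, "", out)
            print out
            exit
        }
        END { if (!found) print "absent" }
    ' "$1"
}

# world_writable_no_sticky DIR
# Lists directories under DIR (same filesystem only) that anyone can write to
# but that lack the sticky bit, i.e. mode 777 where 1777 is expected.
world_writable_no_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Audit the live system only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "/tmp is missing: $(missing_mount_opts /etc/fstab /tmp)"
    echo "World-writable directories without the sticky bit:"
    world_writable_no_sticky /
fi
```

Without the sticky bit, any user who can write to a 777 directory can delete or rename other users' files in it, which is why 1777 is the expected mode for shared directories such as /tmp.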


A PHP shell script can browse any directories that the Apache or the PHP script user has permissions to access.

To limit PHP access, consider tools like suPHP, safe mode and open base dir. In terms of limiting system files, there are only so many changes you can make and still have your server work.

Generally, you are better off spending your efforts keeping your web scripts updated than trying to harden paths on your server.
