Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

wget security

Discussion in 'Security' started by sneader, Jun 2, 2010.

  1. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,155
    Likes Received:
    39
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    I have a potential new customer that is asking if we allow customers to use wget. I tried it with a random hosting account and I get:

    blah@blah.com [~]# wget http://www.example.com/index.htm
    -bash: /usr/bin/wget: Permission denied

    I see that /usr/bin/wget has 700 permissions and is owned by root.

    I'm assuming there are security repercussions of allowing wget for users. Anyway, I'd appreciate any general discussion about wget security, alternatives for users, etc.

    Thanks!

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    There are horrible security repercussions - hackers use it to download their toolkits when they are trying to crack into your accounts, so keeping it turned off will save you a whole world of pain!

    The two alternatives I can think of from the top of my head are:

    create a wget group, make it perm 710 and change it's group to wget, and add users to wget group as needed
    Code:
    groupadd wget
    chgrp wget /usr/bin/wget
    chmod 710 /usr/bin/wget
    usermod (options) username
    (read the manual for relevant usermod options)

    create a separate binary called "wget.4x" and tell only some users what the name of the binary is, with permissions 755:
    Code:
    cp /usr/bin/wget /usr/local/bin/wget.4x
    chmod 711  /usr/local/bin/wget.4x
    
    This second method is probably the easiest ...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    sneader likes this.
  3. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,155
    Likes Received:
    39
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Thanks very much!!

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice