The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

wget security

Discussion in 'Security' started by sneader, Jun 2, 2010.

  1. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    I have a potential new customer that is asking if we allow customers to use wget. I tried it with a random hosting account and I get:

    blah@blah.com [~]# wget http://www.example.com/index.htm
    -bash: /usr/bin/wget: Permission denied

    I see that /usr/bin/wget has 700 permissions and is owned by root.

    I'm assuming there are security repercussions of allowing wget for users. Anyway, I'd appreciate any general discussion about wget security, alternatives for users, etc.

    Thanks!

    - Scott
     
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    There are horrible security repercussions - hackers use it to download their toolkits when they are trying to crack into your accounts, so keeping it turned off will save you a whole world of pain!

    The two alternatives I can think of from the top of my head are:

    create a wget group, make it perm 710 and change it's group to wget, and add users to wget group as needed
    Code:
    groupadd wget
    chgrp wget /usr/bin/wget
    chmod 710 /usr/bin/wget
    usermod (options) username
    (read the manual for relevant usermod options)

    create a separate binary called "wget.4x" and tell only some users what the name of the binary is, with permissions 755:
    Code:
    cp /usr/bin/wget /usr/local/bin/wget.4x
    chmod 711  /usr/local/bin/wget.4x
    
    This second method is probably the easiest ...
     
    sneader likes this.
  3. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Thanks very much!!

    - Scott
     
Loading...

Share This Page