Possible Duplicate:
What are the best linux permissions to use for my website?

I'm trying to get a canonical answer on how to set up permissions for apache vis-a-vis the web root (/var/www). According to this highly popular answer, giving apache write-access to /var/www seems ok, whereas elsewhere (see comments) it seems like a no-no.

Can someone shed some light? If this is a security risk in and of itself, can you describe exactly how it would be exploited?

Update:
Let's assume a private server, where the only two users we're concerned about are 'apache' and 'root'.

Yarin
  • **Not** a duplicate- this question deals specifically with whether giving apache write access is a vulnerability. – Yarin Dec 18 '12 at 04:44

2 Answers

The key difference between the two links is that the first link sets permission 775 only to the folder. The second sets permission 775 to all files and folders under it as well as itself. The latter is the great problem, as that makes all files executable. You don't want your user-uploaded files being executed, as an example.

With files aside, pertaining to the security of the folder itself:

If apache has full access to the folder, and it is a shared environment (such as shared hosting), other users (whether a legitimate user or a hacker) who can spawn apache processes can add/modify any portion of the shared web services through the apache user. If there is only a single user serviced by this machine, I do not think there's any significant security difference between the two.

Grumpy
  • @Peter- I see what you're saying, but that's not quite the case- in the first example, they are giving write access to **all folders and sub-folders.** In the second example, even though you're right that the example code would give files execute permissions which is obviously not acceptable, the commentators are taking issue with folder write access, which is my concern as well. (Let's assume we're only setting folder permissions) – Yarin Dec 17 '12 at 02:17
  • @Yarin appended to answer. – Grumpy Dec 17 '12 at 05:02

Giving a user write access to a directory gives that user write, modify, and delete rights to anything in that directory, regardless of the owner or individual permissions of the files contained in it. The webserver user works on behalf of anyone who has access to websites it serves. In most cases, anyone is the general Internet, unless specific security rules are in place. Therefore, anyone on the Internet with basic knowledge could delete and/or modify files, or place undesired content in your directory structure to serve it out.

A recommended solution is to have a writable directory outside the public structure, which a secure script has access to, to write/present content to the public. If you absolutely must have a writable directory within the public structure, I would make it an obscure low-level directory that is never referenced for read purposes to the general Internet. But never the top of your website structure.

Unfortunately, there is no answer to the generic question of how to exploit a web-facing server to write to the unprotected file-system. It would depend on the web server and supporting services (e.g.: PHP; JAVA, etc.) and exploits of the particular versions you are running, in addition to any insecure scripts (PHP; CGI; PERL; JAVA) that may be running on the website. The point is, as a web/systems administrator, you should not open write to your disk, putting complete faith in any of the above items to protect you. Also, it would be unethical to propagate such information.

Jerry
  • @Jerry- thanks for the recommendations, but I'm still looking for specifics on how this could be exploited. "Therefore, anyone on the Internet with basic knowledge could delete and/or modify files, or place undesired content in your directory structure to serve it out."- Can you give an example of how that could happen? – Yarin Dec 17 '12 at 03:22
  • A user with write access to a directory has permission to delete files therein, but not modify them, unless they have the appropriate permissions on those files as well. – AdmiralNemo Dec 17 '12 at 03:58
  • @AdmiralNemo- There may be applications/processes that do not take into account directory permissions to override file permissions, but most do. Example: directory with 770 root:user ownership, containing a file 700 root:root ownership. If a general user, part of the user group, modifies the files via 'vi', 'vi' will complain that the file is read-only, but it will allow you to override with a write bang (:w!) because of the directory permissions. Regardless of other applications' lack of functionality to modify, deleting and writing it new is no different than being able to modify it. – Jerry Dec 17 '12 at 17:34
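
For auditing the distinction argued over in the answers and comments above, here is an added example (not part of the original thread): a Python check that, for a hypothetical web-server uid and group set, reports which directories under a web root that account can write to, which files carry execute bits, and which files it could replace (delete and recreate) without being able to edit them in place. The function names, finding labels and sample tree are assumptions made for illustration; only classic mode bits are evaluated (no ACLs, non-root uid).

```python
import os
import stat

def perm_class(st, uid, gids):
    """rwx bits (0-7) the kernel applies to a non-root uid: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit(root, uid, gids):
    """Yield (finding, relative path) for a hypothetical web-server uid/gids.
    Classic mode bits only: ACLs and ancestor search permission are ignored."""
    for dirpath, _dirs, files in os.walk(root):
        dst = os.lstat(dirpath)
        # Creating, deleting or renaming entries needs write+search on the directory.
        dir_w = (perm_class(dst, uid, gids) & 3) == 3
        if dir_w:
            yield ("dir-writable", os.path.relpath(dirpath, root))
        for name in files:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)
            if not stat.S_ISREG(fst.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if fst.st_mode & 0o111:
                yield ("file-executable", rel)       # what a recursive 775 produces
            if perm_class(fst, uid, gids) & 2:
                yield ("file-writable", rel)         # can be modified in place
            elif dir_w:
                # Sticky directory: only the file owner or directory owner may unlink.
                sticky = dst.st_mode & stat.S_ISVTX
                if not (sticky and uid not in (fst.st_uid, dst.st_uid)):
                    yield ("file-replaceable", rel)  # delete + recreate, not edit

def build_sample(base):
    """Constructed sample tree (not from the page); returns (root, gids of its entries)."""
    root = os.path.join(base, "www")
    layout = {"": 0o775, "static": 0o755, "shared": 0o1775}
    files = {"index.html": 0o644, "upload.php": 0o775,
             "static/style.css": 0o644, "shared/note.txt": 0o644}
    for d in layout:
        os.makedirs(os.path.join(root, d), exist_ok=True)
    for f, mode in files.items():
        open(os.path.join(root, f), "w").close()
        os.chmod(os.path.join(root, f), mode)
    for d, mode in layout.items():
        os.chmod(os.path.join(root, d), mode)
    return root, {os.lstat(os.path.join(root, p)).st_gid for p in [*layout, *files]}
```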