Search Results

Search found 55 results on 3 pages for 'unprivileged'.

Page 1/3 | 1 2 3  | Next Page >

  • How to allow unprivileged apache/PHP to do a root task (CentOS)

    - by Chris
    I am setting up a sort of personal dropbox for our customers on a CentOS 6.3 machine. The server will be accessible thru SFTP and a proprietary http service base on PHP. This machine will be in our DMZ so it has to be secure. Because of this I have apache running as an unprivileged user, hardened the security on apache, the OS, PHP, applied a lot of filtering in iptables and applied some restrictive TCP Wrappers. Now you might have suspected this one was coming, SELinux is also set to enforcing. I'm setting up PAM to use MySQL so my users in the web application can login. These users will all be in a group that can use SSH only for SFTP and users will be chrooted to their own 'home' folder. To allow this SELinux wants the folders to have the user_home_t tag. Also the parent directory needs to be writable by root only. If these restrictions are not met SELinux will kill the SSH pipe immediately. The files that need to be accessible thru both http and SFTP so I have made a SELinux module to allow Apache to search/attr/read/write etc. to directories with the user_home_dir_t tag. As sftp users are stored in MySQL I want to setup their home dirs upon user creation. This is a problem since Apache has no write access to the /home dir, it's only writable by root since it's required to keep SELinux and OpenSSH happy. Basically I need to let Apache do only a few tasks as root and only within /home. So I need to somehow elevate the privileges temporarily or let root do these tasks for apache instead. What I need to have apache do with root privileges is the following. mkdir /home/userdir/ mkdir /home/userdir/userdir chmod -R 0755 /home/userdir umask 011 /home/userdir/userdir chcon -R -t user_home_t /home/userdir chown -R user:sftp_admin /home/userdir/userdir chmod 2770 /home/userdir/userdir This would create a home for the user, now I have an idea that might work, cron. That would mean the server needs to check for users that have no home every minute, then when creating users the interface would freeze for an average of 30 seconds before the account creation can be confirmed which I do not prefer. Does anybody know if something can be done with sudoers? Or any other idea's are welcome... Thanks for your time!

    Read the article

  • Preferred method for allowing unprivileged UNIX/Linux users to view syslog information

    - by Joshua Hoblitt
    I have some non-privileged "role accounts" that need the ability to view [some of] the local syslogs (eg. /var/log/messages) for debugging purposes. This is explicitly local log data, not remote syslog, logstash, etc. Obviously, there's several ways to address this issue. What I'd like to know is if there is a fairly "standardized" way to solve this issue. Typically, I solve this problem with sudo but either POSIX groups or acls is attractive as it's few chars for the users to type and it removes entries from the sudo log. However, I don't believe I've ever seen that done before. What is your experience? How do large install base sites address this?

    Read the article

  • "/etc/init.d/networking restart" with non-root user

    - by bonchen
    I have a thin client with 112mb RAM which boots ubuntu server 12.04.1 from a usb drive with openbox and it is to be used by students to communicate with cisco equipment. And because of this the students need to be able to reconfigure the network interface and then restart it without a reboot using the only user - cisco. This is what I have so far: adduser cisco usermod -a -G dialout cisco chown root:cisco /etc/network/interfaces chmod 664 /etc/network/interfaces chmod u+s /sbin/shutdown chmod u+s /sbin/reboot chmod u+s /sbin/poweroff chmod u+s /run/network/if* chmod u+s /sbin/ifdown chmod u+s /sbin/ifup And when I run /etc/init.d/networking restart as cisco I get: *Reconfiguring network interfaces... rm: cannot remove `eth0.dhclient': Permission denied Failed to send flush request: Operation not permitted RTNETLINK answers: Operation not permitted Any ideas on how to get this working? Thanks!

    Read the article

  • How can I allow unprivileged users to shutdown from the panel? (no sudo)

    - by potofcoffee
    I set up an old PC with Edubuntu 12.04 for my girls, with an admin account for myself and normal user accounts for both of them. Unfortunately, they are not able to shut down the computer by themselves with this configuration. Choosing shutdown from the (Unity) panel menu will log them out, but that's it. How do I give them shutdown privileges? Please note that they are 5 and 7 years old and just starting to find their way around a computer. Solutions that would require them to open a terminal and sudo whatever are not helpful -- and I don't want them to be able to sudo anything, anyway. I need the panel menu entry "Shutdown" to work for them.

    Read the article

  • Have an unprivileged non-account user ssh into another box?

    - by Daniel Quinn
    I know how to get a user to ssh into another box with a key: ssh -l targetuser -i path/to/key targethost But what about non-account users like apache? As this user doesn't have a home directory to which it can write a .ssh directory, the whole thing keeps failing with: $ sudo -u apache ssh -o StrictHostKeyChecking=no -l targetuser -i path/to/key targethost Could not create directory '/var/www/.ssh'. Warning: Permanently added '<hostname>' (RSA) to the list of known hosts. Permission denied (publickey). I've tried variations using -o UserKnownHostsFile=/dev/null and setting $HOME to /dev/null and none of these have done the trick. I understand that sudo could probably fix this for me, but I'm trying to avoid having to require a manual server config since this code will be deployed on a number of different environments. Any ideas? Here's a few examples of what I've tried that don't work: $ sudo -u apache export HOME=path/to/apache/writable/dir/ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=path/to/apache/writable/dir/.ssh/known_hosts -l deploy -i path/to/key targethost $ sudo -u apache ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=path/to/apache/writable/dir/.ssh/known_hosts -l deploy -i path/to/key targethost $ sudo -u apache ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -l deploy -i path/to/key targethost Eventually, I'll be using this solution to run rsync as the apache user.

    Read the article

  • How to manage unprivileged administration of system services using Debian?

    - by ypnos
    At our lab, we have several services handled by different phd students (like myself). Fluctuation is high and people do the job next to their research duties. Until now, services were running on different machines, with different OS setups that can result in administration hell quickly. We want to consolidate our service setup. Our main idea is that the guys responsible for the services should not meddle with the underlying system anymore. Apart from core systems like NFS and kerberos, a typical service is able to run as non-root already. I'm talking about apache, mysql, subversion, mail with openxchange, and so on. Redirecting privileged ports is also no issue (source). What is left is the configuration of the service and its payload. One scenario we envisioned is that every service has its own user and home directory, accessable by the corresponding admins. Backup and fallback of the service is easy, as everything needed for the service to run is found in one place. Are there established ways to create such a setup? Does a mostly unique method exist to make services find their files (other than in system directories) while still using the corresponding debian packages? Are there any catches with our idea that we may have overlooked? Would you maybe claim that virtualization is the answer to our problem? (In our POV, it wouldn't help us keeping system setup strictly separated from service setup.) Thank you for any advice!

    Read the article

  • How to get an unprivileged public status page showing in OpenWrt 12.09 or newer?

    - by lkraav
    For the use case where the WAN connection goes down, but employees can still access wifi, I'd like them to be able to check on some sort of a public router status page in their problem reports. This may have been available on DD-WRT at one point (or still is), I can't 100% recall anymore. Going through all LuCI's screens with a fine-toothed comb and googling a fair amount isn't producing results. Anyone have a solution?

    Read the article

  • Have an unprivileged non-account user ssh into another box?

    - by Daniel Quinn
    I know how to get a user to ssh into another box with a key: ssh -l targetuser -i path/to/key targethost But what about non-account users like apache? As this user doesn't have a home directory to which it can write a .ssh directory, the whole thing keeps failing with: $ sudo -u apache ssh -o StrictHostKeyChecking=no -l targetuser -i path/to/key targethost Could not create directory '/var/www/.ssh'. Warning: Permanently added '<hostname>' (RSA) to the list of known hosts. Permission denied (publickey). I've tried variations using -o UserKnownHostsFile=/dev/null and setting $HOME to /dev/null and none of these have done the trick. I understand that sudo could probably fix this for me, but I'm trying to avoid having to require a manual server config since this code will be deployed on a number of different environments. Any ideas? Here's a few examples of what I've tried that don't work: $ sudo -u apache export HOME=path/to/apache/writable/dir/ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=path/to/apache/writable/dir/.ssh/known_hosts -l deploy -i path/to/key targethost $ sudo -u apache ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=path/to/apache/writable/dir/.ssh/known_hosts -l deploy -i path/to/key targethost $ sudo -u apache ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -l deploy -i path/to/key targethost Eventually, I'll be using this solution to run rsync as the apache user.

    Read the article

  • can't mount ntfs partition without root access

    - by tachyons
    whenever try to mount ntfs partition it says Error mounting: mount exited with exit code 1: helper failed with: Unprivileged user can not mount NTFS block devices using the external FUSE library. Either mount the volume as root, or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at http://tuxera.com/community/ntfs-3g-faq/#unprivileged I tried this answer but it wont work

    Read the article

  • Error mounting an external HDD

    - by Slash
    I want to mount an external HDD.I have tried many things but still no success.When i try to mount it from Disk Utility i get this error: Error mounting: mount exited with exit code 1: helper failed with: Unprivileged user can not mount NTFS block devices using the external FUSE library. Either mount the volume as root, or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at tuxera.com/community/ntfs-3g-faq/#unprivileged

    Read the article

  • Rsync root files between systems without specifying password

    - by xpt
    This seems very tricky to me. I've set up my two systems so that I can rsync files between them as me, without specifying password. Now the the problem is to rsync files that belong to root. On both of my systems, there are no root passwords. The only way to become root is via sudo. So I can neither give a password for sudo rsyn local root@remote:, no use my ssh-agent to supply pass phrase. I don't want to set up a root password on any systems; and I do need the files to be owned by root on both systems. EDIT: Using the files that belong to root is just an example, I need a way for my unprivileged account to read/write system (including root-owned) files easily. One example is to copy my configured /root environment into the freshly-installed system. The two systems are actually two VMs under a single host, so it's not a big concern for me to copy root-owned files between them. EDIT 2: If I only want to copy my configured /root environment into the freshly-installed system, I can use tar: sudo tar cvzf - /root | ssh me@remote sudo tar xvzf - -C / But I do need rsync to update from time to time. Any easy way to make it happen? EDIT 3: Formally formulate the question Alright, it all began with the question, how to rsync files that belong to root between two systems as a normal unprivileged user, without specifying password, under the condition that, The root account is locked on both of systems. I.e., there are no root passwords. The only way to become root is via sudo (recommended security practice, see http://help.ubuntu.com/community/RootSudo) I don't want a completely passwordless sudo but don’t want to be typing passwords all the time either. The normal unprivileged user has entered their ssh pass phrase into the ssh agent. Thanks

    Read the article

  • OS X clients ignoring Windows print server permissions

    - by Ilumiari
    I'm in the process of testing a Windows Server 2008 R2 print server for a mixed OS X/Windows environment. Any security permissions (AD groups) I set for the printers on the print server are not honoured by the OS X clients. Only if I remove absolutely all permissions for a given printer will an OS X client not print to that printer. The Windows clients honour the permissions as expected. The PrintService log doesn't record any activity when an unprivileged Windows client attempts to print, and records a typical print job when an unprivileged OS X client attempts to print. Has anyone encountered this problem before and have a fix? With 600-700 clients, a number of which are dual-booting, restricting by IP address is not viable. EDIT: The jobs are definitely going through the print server, they show up in the logs with their AD credentials.

    Read the article

  • Cannot mount USB drive -- FSTAB error

    - by user107646
    Recently, one of my desktops seems to have developed a problem with the fstab and mounting USB drives. The specific error I receive is... Unable to mount TRAVELDRIVE Error mounting: mount exited with exit code 1: helper failed with: Unprivileged user can not mount NTFS block devices using the external FUSE library. Either mount the volume as root, or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at http://tuxera.com/community/ntfs-3g-faq/#unprivileged The contents of my fstab are... /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc nodev,noexec,nosuid 0 0 #Entry for /dev/sdc1 : UUID=7e3431cd-522f-4e35-b286-4300fa702d4a / ext4 errors=remount-ro 0 1 #Entry for /dev/sda1 : UUID=60684D08684CDE82 /media/Archive ntfs-3g defaults,locale=en_US.UTF-8 0 0 #Entry for /dev/sdc5 : UUID=cd166221-4b1d-40f7-b9de-785208990587 none swap sw 0 0 /dev/sdd1 /media/sdd1 ntfs nls=iso8859-1,ro,users,umask=000,user 0 0 /dev/sdd5 /media/PS3 (fat32) vfat users,user 0 0 /dev/sdd5 /media/sdd5 vfat uid=m3talhead,users,user 0 0 I'm guessing its a problem with the duplicate /dev/sdd5 entries (?), but being the *nix noob I am, I'm not certain. What am I missing? Any assist is greatly appreciated!

    Read the article

  • The remote server returned an error: 227 Entering Passive Mode

    - by hmloo
    Today while uploading file to FTP sever, the codes throw an error - "The remote server returned an error: 227 Entering Passive Mode", after research, I got some knowledge in FTP working principle. FTP may run in active or passive mode, which determines how the data connection is established. Active mode: command connection: client >1024  -> server 21 data connection:    client >1024  <-  server 20 passive mode: command connection: client > 1024 -> server 21 data connection:    client > 1024 <- server > 1024 In active mode, the client connects from a random unprivileged port (N > 1023) to the FTP server's command port(default port 21). If the client needs to transfer data, the client will use PORT command to tell the server:"hi, I opened port XXXX, please connect to me." and then server will use port 20 to initiate the data connection to that client port number. In passive mode, the client connects from a random unprivileged port (N > 1023) to the FTP server's command port(default port 21). If the client needs to transfer data, the sever will tell the client:"hi, I opened port XXXX , please connect to me." and then client will initiate the data connection to that sever port number. In a nutshell, active mode is used to have the server connect to the client, and passive mode is used to have the client connect to the server. So if your FTP server is configured to work in active mode only or the firewalls between your client and the server are blocking the data port range, then you will get error message, to fix this issue, just set System.Net.FtpWebRequest property UsePassive = false. Hope this helps! Thanks for reading!

    Read the article

  • Managing Apache to Compensate for WebDAV's Security Masking

    - by Tohuw
    When a user creates a file via WebDAV, the default behavior is that the file is owned by the user and group running the Apache process, with a umask of 022. Unfortunately, this makes it impossible for unprivileged users to write to the files by other means without being a member of the group Apache runs under (which strikes me as a particularly bad idea). My current solution is to set umask 000 in Apache's envvars and remove all world permissions from the webdav parent directory for the user. So, if the WebDAV share is /home/foo/www, then /home/foo/www is owned by www-data:foo with permissions of 770. This keeps other unprivileged users out, more or less, but it's hokey at best and a security disaster awaiting at worst. From my research and poking around at mod_dav and Apache, I cannot find a reasonable solution short of a cron job flipping all the permissions back (I'd rather not have the load and increased complexity on the server). SuExec won't work, either, because WebDAV operations are not going to execute as a different user. Any thoughts on this? Thank you.

    Read the article

  • Should windows services be created with custom users, or should I use one of LocalSystem/LocalServic

    - by Justin Dearing
    I'm asking the question in general for the average custom developed NT service or unix OSS daemon ported to windows with SCM support. However, at the moment my immediate concern is for mongodb. From my experience with UNIX I like all my services to run as different unprivileged users. The way this has translated to windows is as follows: Create a local (or domain if it has to talk to SQL server) windows user with a long random password (lately an ASCII85 encoded guid generated from a different machine). Set it to next expire and forbid it from changing its password. Remove that user from the "Users Group". Grant that user "Login as a Service" permission. Give it read permission to the folder where the app resides, and write permission to the logs and data files the applications use. Assign the user to the service. Troubleshoot until the service starts. My feeling is that the unprivileged users are less powerful than the 3 special service users. I also feel that by isolating which users run which services, I would limit collateral damage if a way to compromise one service was found.

    Read the article

  • Why is SMF manifest losing configuration data when exported on SmartOS?

    - by Scott Lowe
    I'm running a server process under SMF (Server Management Facility) on Joyent's Base64 1.8.1 SmartOS image. For those not aqauinted with SmartOS, it is a cloud-based distribution of IllumOS with KVM. But essentially it is like Solaris and inherits from OpenSolaris. So even if you've not used SmartOS, I'm hoping to tap into some Solaris knowledge on ServerFault. My issue is that I want an unprivileged user to be allowed to restart a service that they own. I have worked out how to do that by using RBAC and adding an authorisation to /etc/security/auth_attr and associating that authorisation with my user. I then added the following to my SMF manifest for the service: <property_group name='general' type='framework'> <!-- Allow to be restarted--> <propval name='action_authorization' type='astring' value='solaris.smf.manage.my-server-process' /> <!-- Allow to be started and stopped --> <propval name='value_authorization' type='astring' value='solaris.smf.manage.my-server-process' /> </property_group> And this works well when imported. My unprivileged user is allowed to restart, start and stop its own server process (this is for automated code deployments). However, if I export the SMF manifest, this configuration data is gone... all I see in that section is this: <property_group name='general' type='framework'> <property name='action_authorization' type='astring'/> <property name='value_authorization' type='astring'/> </property_group> Does anybody know why this is happening? Is my syntax wrong, or am I simply not using SMF incorrectly?

    Read the article

  • Snmpd update interface counters slowly or something like this

    - by Korjavin Ivan
    I update one my freebsd box to 9-stable (totally new installation) and install net-snmp for monitoring. uname -r 9.1-PRERELEASE pkg_info net-snmp-5.7.1_7 Information for net-snmp-5.7.1_7: Comment: An extendable SNMP implementation .... cat /var/db/ports/net-snmp/options # This file is auto-generated by 'make config'. # Options for net-snmp-5.7.1_7 _OPTIONS_READ=net-snmp-5.7.1_7 _FILE_COMPLETE_OPTIONS_LIST= IPV6 MFD_REWRITES PERL PERL_EMBEDDED PYTHON DUMMY TKMIB DMALLOC MYSQL AX_SOCKONLY UNPRIVILEGED OPTIONS_FILE_UNSET+=IPV6 OPTIONS_FILE_UNSET+=MFD_REWRITES OPTIONS_FILE_SET+=PERL OPTIONS_FILE_SET+=PERL_EMBEDDED OPTIONS_FILE_UNSET+=PYTHON OPTIONS_FILE_SET+=DUMMY OPTIONS_FILE_UNSET+=TKMIB OPTIONS_FILE_SET+=DMALLOC OPTIONS_FILE_UNSET+=MYSQL OPTIONS_FILE_UNSET+=AX_SOCKONLY OPTIONS_FILE_UNSET+=UNPRIVILEGED I have about 500 vlan on this machine, and collect info about interface through snmpd to 2 different software, zabbix and cacti. And both of them plot the graphs with blank fields. I tryed change polling time in zabbix, from 15, sec to 30,60,90,120,10. And anyway i have blank fields. snmpd.conf is empty - only a access controls. This configuration worked fine on freebsd 8. Where is my fault? How fix this graphs? UPD: Changing pooling time, switch off one of agent, doesnt help. I look at zabbix log (recieved data from snmpd) and see that: sorry for russian locale, just look at numbers: and thats is not true, as my "iftop" show speed was about 90Mbits, but snmpd return 2Mbits. I understand that snmpd doesnt return speed, it return just a counter. But how its possible? why 2Mbit/s ? I tryed recompile snmpd with 64-bit counters, and without it. In both variants this blank fields present. So i think its my OS (freebsd) doesnt update interface counters well. I still collect tcpdump for found this request/response. But have problem with that, to much trash. UPD2: I decrypt tcpdump-ed file, and public this as google doc at gdocfile Timediff looks strange.. Like zabbix sometimes "forget" do request, and then do twice at row, ehh UPD3: I parse log from command "while true; do netstat -bin -I vlan4008 /var/log/netstat; sleep 300; done" and load as google docs, and add formula for speed : link Looks like all counters in OS are good. Now i think problem in : 1. zabbix get request twice at row (and what about cacti) 2. snmpd use counter32

    Read the article

  • Sudo-ing Apache for a particular vhost

    - by djechelon
    I want to manage several SVN repositories for a particular vhost in my system. I want those to be owned by a particular user in the system and not by wwwrun/www. The other websites hosted by Apache should be regularly executed by the unprivileged wwwrun/www user. I'm using worker. How can I tell Apache that every request for a specific vhost must be served impersonating a specific user like I would do in IIS? (This will also come useful when running FUDforum)

    Read the article

  • Apache+Tomcat VS Stand Alone Tomcat or GlassFish

    - by TonyZ
    Hi, I am setting up a Debian server to serve Java web applications. I have done quite a bit of research for several weeks now. Tomcat's web site says it is better to use stand alone Tomcat for speed if you are not clustering. However, I have seen many people suggest that using Apache + Tomcat gives you better security and protection against attacks. Please assume that the process will be running on port 80 as an unprivileged user. I would assume that if you are running a firewall in front the server, Tomcat should be fine. If, however, you just want to run an exposed webserver using Linux firewall, what is the best option? Or maybe someone can recommend another open source web server. I am trying to keep the solution as light as possible as these webapps will be running in containers. All opinions welcome and valued. Thanks, Tony Z

    Read the article

  • Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

    - by Alain O'Dea
    I have created a test user that is set to privilege 15 in the config: username test password **************** encrypted privilege 15 When I log in to the ASA 5510 I am in privilege 1 according to sh curpriv: login as: test [email protected]'s password: Type help or '?' for a list of available commands. asa> sh curpriv Username : test Current privilege level : 1 Current Mode/s : P_UNPR Attempting enable fails even though I know I have the correct enable password: asa> en Password: ************************* Password: ************************* Password: ************************* Access denied. Logging in from unprivileged puts me on privilege 15 and I can do as a please: asa> login Username : test Pasword: ************************* asa> sh curpriv Current privilege level : 15 Current Mode/s : P_PRIV asa> The only thing I can track this to is a configuration change I made where I removed a VPN user we no longer needed. Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

    Read the article

  • Change environment variables as standard user (Windows 7)

    - by SealedSun
    When clicking on "Advanced system settings", I need to login as the administrator and hence only edit the administrators environment variables (in addition to the machine wide ones). How do I edit the environment variables of a standard user? Details With the migration to Windows 7, I decided to work as a standard user instead of an unprivileged administrator. Works well so far but I encountered a tiny problem: When I try to change per user environment variables via the control panel I have to login as an administrator. But since I run that part of the control panel as the administrator I can only edit the administrators variables. How am I supposed to edit my own environment variables? Without resorting to extreme measures, such as editing the registry (as suggested in "Is there any command line tool that can be used to edit environment variables in Windows?" )

    Read the article

  • Should DKIM signing happen in the application or the MTA?

    - by thomasrutter
    I'm trying to weigh up whether DKIM signing should be done by the application sending mail (for instance, the mailing list software you're using) or at the mail transfer agent (sendmail, postfix etc). Do you know any good arguments either way? As far as I can see, doing it at the MTA, such as with dkim-milter, is a lot easier to set up. However, if anyone gets access to the server, even just a normal unprivileged account such as a web hosting client's login, they'd be able to send email using sendmail and get the full blessing of my DKIM signature. What do you think is the best solution for my situation? I'm using a Debian server with apache, postfix, php&mysql, etc.

    Read the article

  • Running PHP scripts as the owner of the PHP file: security issues

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web user can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Security issues of running PHP scripts as the owner of the PHP file with suexec

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

1 2 3  | Next Page >