
Recipe 6.23 Protecting Server Files from Malicious Scripts

Problem

Scripts running on your web server may access, modify, or destroy files located on your web server if they are not adequately protected. You want to ensure that this cannot happen.

Solution

Ensure that none of your files are writable by the nobody user or the nobody group, and that sensitive files are not readable by that user and group. Start by listing every file owned by that user or group:

# find / -user nobody
# find / -group nobody

Discussion

The User and Group directives specify a user and group under whose privileges the web server will run. These are often set to the values of nobody and nobody, respectively, but they can vary in different setups. It is often advisable to create a completely new user and group for this purpose, so that there is no chance that the user has been given additional privileges of which you are not aware.

Because everything runs with these privileges, any files or directories that are accessible by this user or group will be accessible from any script running on the server. This means that a script running under one virtual host may modify or delete files contained within another virtual host, either intentionally or accidentally, if those files have permissions making this possible.

Ideally, no files anywhere on your server should be owned by, or writable by, the server user, unless for the explicit purpose of being used as a datafile by a script. And, even for this purpose, it is recommended that a real database be used, so that the file itself cannot be modified by the server user. And if files simply must be writable by the server, they should definitely not be in some web-accessible location, such as /cgi-bin/.
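
The two find commands in the Solution list only what the server account owns. As an added example (not part of the original recipe), the function below also reports files and directories the account can write or read through group or world permission bits. The nobody defaults mirror the recipe; the function name and the WEB_USER and WEB_GROUP variables are assumptions.

```shell
#!/bin/sh
# Added example: report what the web server account can write or read.
# Assumptions (not from the recipe): the function name, the WEB_USER and
# WEB_GROUP variables, and running the script with paths as arguments.

# list_server_access MODE USER GROUP PATH...
#   MODE "w" lists writable entries, "r" lists readable ones.
#   An entry is reported when USER owns it and the owner bit is set, when
#   GROUP owns it and the group bit is set, or when the "other" bit is set.
#   Only mode bits are checked (no ACLs); symlinks are skipped.
list_server_access() {
    case "$1" in
        w) u=-0200 g=-0020 o=-0002 ;;
        r) u=-0400 g=-0040 o=-0004 ;;
        *) echo "usage: list_server_access w|r user group path..." >&2
           return 2 ;;
    esac
    user=$2 group=$3
    shift 3
    find "$@" -xdev \( -type f -o -type d \) \
        \( \( -user "$user" -perm "$u" \) \
           -o \( -group "$group" -perm "$g" \) \
           -o -perm "$o" \) -print 2>/dev/null
}

# Stand-alone use: pass the directories to audit as arguments.
if [ "$#" -gt 0 ]; then
    list_server_access w "${WEB_USER:-nobody}" "${WEB_GROUP:-nobody}" "$@"
fi
```

Run it in "w" mode over the whole document tree, and in "r" mode over the files you consider sensitive; anything printed should either be an intentional datafile or have its permissions tightened.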

See Also
