Home page logo
/

basics logo Security Basics mailing list archives

Re: some permission problem?
From: buzzdee <reitenba () fh-brandenburg de>
Date: Wed, 7 May 2003 08:27:19 +0200

Am Dienstag, 6. Mai 2003 09:29 schrieb SB CH:
Hello, all.

I found that some malicious man browsed /etc/passwd file by httpd.
So I would like to block to see /etc/passwd file by nobody(http user)
permission.

you don't need to worry about the permissions of your /etc/passwd file (of 
course you should ;-) if you want to stop users getting it over http. just 
add a directive like for your .htaccess files.
<Files ~ "^passwd"> 
    Order allow,deny 
    Deny from all 
</Files>
this directive in your httpd.conf should stop users from download files calld 
passwd.

hth
buzzdee

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault