Home page logo
/

basics logo Security Basics mailing list archives

Re: User folders - Linux
From: "Asmo" <asmodeus () interia pl>
Date: Thu, 2 Dec 2004 10:03:51 -0800

Hi

On Tue, 30 Nov 2004, Rafal Zajac wrote:
I will have there kinds of users:

- shell users - users with shell, ftp, www (home pages http/php/mySQL)
access

- Not trusted users - without shell access but with ftp and www access

- anonymous users - access to anonymous ftp (upload and download -
uploaded
data will be accessible to download only after approval )

Note that if you allow to upload a program (e.g., PHP script) and execute
it on
a http request this means that effectively you provide "shell access". So,
unless you disable CGI and PHP for "not trusted users" there is no point
in
separating these categories.


Yes I konow. I forgot to write that "not trusted users" will have no PHP,
CGI. My question was only about folder placement.

Thank you
Rafal


----------------------------------------------------------------------
Ponad 400 tysiecy facetow czeka na Ciebie 
http://link.interia.pl/f183a


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault