Home page logo

basics logo Security Basics mailing list archives

Re: User folders - Linux
From: "Asmo" <asmodeus () interia pl>
Date: Thu, 2 Dec 2004 10:03:51 -0800


On Tue, 30 Nov 2004, Rafal Zajac wrote:
I will have there kinds of users:

- shell users - users with shell, ftp, www (home pages http/php/mySQL)

- Not trusted users - without shell access but with ftp and www access

- anonymous users - access to anonymous ftp (upload and download -
data will be accessible to download only after approval )

Note that if you allow to upload a program (e.g., PHP script) and execute
it on
a http request this means that effectively you provide "shell access". So,
unless you disable CGI and PHP for "not trusted users" there is no point
separating these categories.

Yes I konow. I forgot to write that "not trusted users" will have no PHP,
CGI. My question was only about folder placement.

Thank you

Ponad 400 tysiecy facetow czeka na Ciebie 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]