I'm relatively new to Linux so please excuse my ignorance.

I have a public web directory where I have been experimenting with the permissions to try to learn about them. I have set up a simple test.php file and set its permissions as follows:

-rw --- ---

Which I was expecting to mean only the owner can access the file and no other. But I can still access this file remotely from the web and the test page shows? This is on a Red Hat web server. NOTE: The owner user is not the web access user.

This worries me as I then think maybe a web user could write to the file somehow (is it possible?).

Any pointers would be great. I just want to make sure I understand this as it seems to me to be an important security concept.

Cheers C

columbo

1 Answer

The webserver (Apache2, httpd?) should not be able to read the file, unless it is running as root. Is that the case?

Weboide
  • Thanks Weboide. If I list the processes running, apache gives this: root 6328 0.0 0.1 119052 4236 ? Ss Apr06 1:15 /usr/sbin/apache2 -k start root 6696 0.0 0.0 125304 1720 ? Ss Apr06 1:28 /usr/sbin/apache2 -k start www-data 6697 0.0 0.0 124532 704 ? S Apr06 0:00 /usr/sbin/apache2 -k start ...and 6 other www-data entries. Is it normal to have some root processes, and where can I set what user apache uses for web access to the server? Thanks very much, C. – columbo Jul 13 '10 at 07:43
  • Apache2 has very similar results as apache. The process running for httpd is: root 9856 0.0 0.0 3944 628 pts/0 S+ 09:13 0:00 grep httpd ...it is ROOT, is this incorrect? – columbo Jul 13 '10 at 08:17
  • Apache2 seems to be running as www-data, which is fine but you should not be able to read that specific file unless it is owned by www-data. – Weboide Jul 13 '10 at 10:33
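
The permission decision discussed in the answer and comments above, as an added example that is not part of the original posts: the mode-bit check applied to a file for a given process user. The function names `may_access` and `check_file` and the numeric uid/gid values are assumptions made for illustration.

```shell
#!/bin/sh
# Classic Unix mode-bit check: owner class, else group class, else other.
# Models only the file's own mode bits, not ACLs or parent directories.

# may_access WANT MODE FILE_UID FILE_GID PROC_UID PROC_GID...
#   WANT is r or w, MODE is octal (e.g. 600). Returns 0 when access is allowed.
may_access() {
    want=$1 mode=$2 fuid=$3 fgid=$4 puid=$5
    shift 5
    [ "$puid" -eq 0 ] && return 0      # root bypasses read/write mode bits
    case $want in
        r) bit=4 ;;
        w) bit=2 ;;
        *) return 2 ;;
    esac
    bits=$((0$mode))                   # leading 0 makes the shell parse octal
    if [ "$puid" -eq "$fuid" ]; then
        class=$(( (bits >> 6) & 7 ))   # owner bits, even if weaker than the rest
    else
        class=$(( bits & 7 ))          # default: "other" bits
        for g in "$@"; do              # any matching group selects group bits
            if [ "$g" -eq "$fgid" ]; then
                class=$(( (bits >> 3) & 7 ))
                break
            fi
        done
    fi
    [ $(( class & bit )) -ne 0 ]
}

# check_file USER FILE: apply the check to a real file (GNU stat syntax).
check_file() {
    user=$1 file=$2
    set -- $(stat -c '%a %u %g' "$file")
    for w in r w; do
        if may_access "$w" "$1" "$2" "$3" "$(id -u "$user")" $(id -G "$user"); then
            echo "$user: $w allowed on $file"
        else
            echo "$user: $w denied on $file"
        fi
    done
}

# Constructed values for the question's case: mode 600, owner uid/gid 1000,
# worker uid/gid 33 (stand-in for www-data), and a root worker (uid 0).
for uid in 33 0; do
    if may_access r 600 1000 1000 "$uid" "$uid"; then r=allowed; else r=denied; fi
    echo "uid $uid read on mode 600: $r"
done
```

On a live system, `check_file www-data test.php` reports what the worker account may do to the actual file.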