SMF 2.1 RC4 has been released! Try it out and help us test! Read more.
Started by [Unknown], November 20, 2003, 03:41:19 AM
Quote from: [Unknown] on November 20, 2003, 03:50:37 AMThe problem is that a lot of servers are not configured properly.
QuoteBeyond webroot protection, which is very necessary for security reasons, we run a standard Apache Suexec setup.
Quotean example, I wan't a script located at /public_html/index.php to read and write to /public_html/MySkins/ same user in the same account, now MySkins contain php script so setting it to 666 should let the world read and write to it but not execute script in there this is so no one can edit the file with bad code and then execute it! this would be -rw-rw-rw- but something is making it so nothing can read the dir unless it has execute permissions.the thing I don't understand is why I have to give execute permissions just to read!?
Quotestill overridden. FTP log: SITE CHMOD 1666 MySkins 200 SITE CHMOD command successful NOOP 200 NOOP command successful CWD /public_html/MySkins 550 /public_html/MySkins: Permission denied if I use 1666 or 2666 or 4666 it's still Forbidden.
Quoteunder 666/public_html/MySkins <- Access /public_html/MySkins/theme <- Access /public_html/MySkins/theme/css <- Permission denied and php can now execute under 666
Quote from: Anguz on February 09, 2004, 03:27:20 AMone of my webhosts does jail accounts and I have a limit to the permissions I can set even, which is my problem
Quote from: Jeff Lewis on February 09, 2004, 03:28:15 PMYou need to move that site to your other host
Quote from: Anguz on February 09, 2004, 04:01:45 PMlol that's actually what I was thinking about (^_^)
Quote from: Anguz on February 09, 2004, 05:36:30 PMthat's precisely the other host we're talking about (~_^)