Mailing List Archive
RE: [tlug] Efficiently executing a cron job on my webhosting server
- Date: Sun, 8 Jul 2007 09:26:24 +0900
- From: <burlingk@example.com>
- Subject: RE: [tlug] Efficiently executing a cron job on my webhosting server

On Fri, 6 Jul 2007 12:20:09 +0900, "Dave Gutteridge" <ebisudave@example.com> wrote in <7d27112b0707052020h293cbf71se22c91761135d686@example.com>:

>
> The second is, the first time I ran the above command in
> cron, I got an error message (via my admin email) saying
> "permission denied". I changed the permissions to 777 just to
> get it working. But what is the most appropriate permission
> setting for a PHP script I'm intending to execute this way?
>

Verily I say, 777 is the number of the beast, and it shall spill out famine across the land.

'chmod 777 anything' is like saying to the world "Hey, take me, I'm yours." Especially with a file that is already an accepted script.

With a file chmoded to 777, anyone who can get access to the file can change the file and execute the file. If it is already a script, this is worse because it means that you are less likely to investigate generic log messages saying it has been accessed. After all, executables execute, right?

Even if it were just a text file, anyone who has a Linux or Unix box, or is just familiar with Linux and Unix (could be Windows even), could make a safe guess as to the location of your interpreters and turn the 777ed text file into a bash, perl, ruby, or php script (or a number of other things that they could assume might be on your machine) and do ugly things with it.

Yes, it is true that most machines are out in the middle of cyber space and no one cares what is on them, or wants to spend a lot of time breaking in to them when they could just as easily send a random Windows user a trojan and get them to install it themselves, but security is not about keeping out the average person, or the average attacker. It is about the possible attacker. That one random person who may never show, but if they do you're screwed.

Yes, obscurity is a good tactic, but don't depend on it entirely.

Anything that is accessible publicly should not be chmoded past 755. It should not be world writable, and in most cases it does not need to be world executable either. Make it readable and executable by the web server, and if a file needs to be writable by the server, set that too. :) Don't be too generous, though.

777 is something that should probably never be used on a web server. :-) I think it is ok on a local share directory on a shared machine, but not anywhere that the web server can just say http://mydomain/myscript.php or similar. ^^
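
An added example, not part of the original message: POSIX shell functions that list everything under a web root whose mode goes past 755 (group- or world-writable) and strip those write bits. The function names, the sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All paths and names are constructed.

# Print files and directories under $1 whose mode goes "past 755",
# i.e. grants write to group or to other. Symlinks are not followed.
audit_loose_modes() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -0002 -o -perm -0020 \) -print
}

# Strip group/other write from everything the audit would report.
# -exec ... {} + copes with names containing spaces or newlines.
tighten_modes() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -0002 -o -perm -0020 \) -exec chmod go-w {} +
}

# Build a constructed sample web root and print its path.
make_sample_webroot() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads"
    : > "$root/index.php";        chmod 644 "$root/index.php"
    : > "$root/cronjob.php";      chmod 777 "$root/cronjob.php"
    : > "$root/uploads/note.txt"; chmod 666 "$root/uploads/note.txt"
    : > "$root/run.sh";           chmod 755 "$root/run.sh"
    chmod 775 "$root/uploads"
    chmod 755 "$root"
    printf '%s\n' "$root"
}

# Demo: report, tighten, report again (second report is empty).
demo_root=$(make_sample_webroot)
echo "Looser than 755 before:"; audit_loose_modes "$demo_root"
tighten_modes "$demo_root"
echo "Looser than 755 after:";  audit_loose_modes "$demo_root"
rm -rf "$demo_root"
```

The owner's bits are left alone, so a script that was 777 ends up 755 and stays executable for the account that owns it.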