On 02/13/2013 04:40 PM, The Natural Philosopher wrote:
> On 13/02/13 04:09, Cal Dershowitz wrote:
>> On 02/12/2013 07:27 AM, The Natural Philosopher wrote:
>>
>>> All here by the looks of it
>>>
>>> https://help.ubuntu.com/community/ApacheMySQLPHP
>>>
>>>
>>>
>>
>> Thanks all for comments. I got as far in the process as to have a
>> localhost that shows up in a browser and try to write test.php, and I
>> don't want to get too far ahead of myself with enabling permissions.
>>
>> $ cat > test.php
>> bash: test.php: Permission denied
>> $ pwd
>> /var/www
>> $ cd ..
>> $ ls -l
>> total 48
>> drwxr-xr-x 2 root root 4096 Feb 1 17:18 backups
>> drwxr-xr-x 18 root root 4096 Feb 12 20:06 cache
>> drwxrwsrwt 2 root whoopsie 4096 Dec 13 07:35 crash
>> drwxr-xr-x 2 root root 4096 Apr 23 2012 games
>> drwxr-xr-x 66 root root 4096 Feb 12 20:07 lib
>> drwxrwsr-x 2 root staff 4096 Apr 19 2012 local
>> lrwxrwxrwx 1 root root 9 Jan 23 02:33 lock -> /run/lock
>> drwxr-xr-x 19 root root 4096 Feb 12 20:07 log
>> drwxrwsr-x 2 root mail 4096 Apr 23 2012 mail
>> drwxr-xr-x 2 root root 4096 Apr 23 2012 opt
>> lrwxrwxrwx 1 root root 4 Jan 23 02:33 run -> /run
>> drwxr-xr-x 8 root root 4096 Apr 23 2012 spool
>> drwxrwxrwt 2 root root 4096 Feb 12 20:02 tmp
>> drwxr-xr-x 2 root root 4096 Feb 12 20:08 www
>> $
>>
>> Without any better notion, I would simply chmod a +w here for www, but
>> I'd first like to ask if that's a good idea, as sometimes I've found
>> that when I lack permission to do something, that it's more like keeping
>> me from shooting myself in the foot.
>>
>> What would you do now?
> I would make www owned by (IIRC) www-data or whatever apache runs under,
> and group staff and leave the permissions alone.
Can you elaborate?
>
> If that is felt to be a bit lax there are other arrangements involving
> sticky bits that can ensure that what goes in there gets allocated to
> the right group.
>
> For a nasty hack for testing and getting stuff working chmod 777 the
> directory at least. But don't do that on a publicly
> visible server.
>
> It pays to understand the permissions system on *nix properly, and use it
> as another line of defence against hackers.
>
>
> #
>
Thank you, NP. "Dirty" is particularly encouraging as a tactic, since
it really is only me here, on an ancient machine, trying to make
something happen.

I've been x-posting here for a bit and even cross-threading, not out of
malice for the original topicality of forums, but for the direction a
thread takes.

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
....
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
colord:x:103:108:colord colour management daemon,,,:/var/lib/colord:/bin/false
lightdm:x:104:111:Light Display Manager:/var/lib/lightdm:/bin/false
whoopsie:x:105:114::/nonexistent:/bin/false
avahi-autoipd:x:106:117:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
avahi:x:107:118:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
usbmux:x:108:46:usbmux daemon,,,:/home/usbmux:/bin/false
kernoops:x:109:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
pulse:x:110:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false
rtkit:x:111:122:RealtimeKit,,,:/proc:/bin/false
speech-dispatcher:x:112:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false
saned:x:114:123::/home/saned:/bin/false
fred:x:1000:1000:fred,,,:/home/fred:/bin/bash
landscape:x:115:125::/var/lib/landscape:/bin/false
sshd:x:116:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:117:126:MySQL Server,,,:/nonexistent:/bin/false
$

Q7) Are these the users of my Ubuntu system?

After the ellipses, I think all of that got added as I did a LAMP
install. Now I have a quiver full of questions.

Q1) Now that I have shown /etc/passwd on-line, have I laid out my cards
to hackers who just have a lot of time on their hands, are bored and want to
do something interesting? Be aware that my machine and website might
total one hundred bucks in assets.

Q2) Do I want to create a group that comprehends all these differing
agents in apache?

You know what, now that I think about it, all these questions are right
in the strike zone for c.l.php and a.o.l.ubuntu.

Thanks for your comment and cheers,
--
Cal
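
The arrangement suggested in the quoted reply (a web root that belongs to a shared group, with new files landing in that group, instead of `chmod 777`), as an added example that is not part of the original thread. On a directory the bit that makes new files inherit the group is setgid. The function names and scratch paths are assumptions, and everything runs in a temporary directory so no root is needed.

```shell
#!/bin/sh
# Added example: shared-group web root instead of chmod 777 (scratch paths only).

# List entries under $1 writable by "other", i.e. what chmod 777 or a+w leaves behind.
# Symlinks are skipped: their own mode bits always read rwxrwxrwx.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Optionally hand directory $1 to group $2, then set mode 2775: group-writable
# plus setgid, so files created inside inherit the directory's group.
# Real-system equivalent, as root (user and group names taken from the thread):
#   chown www-data:staff /var/www && chmod 2775 /var/www
share_with_group() {
    if [ -n "${2:-}" ]; then chgrp "$2" "$1" || return 1; fi
    chmod 2775 "$1"
}

# Succeed if $1 has the setgid bit set.
has_setgid() { [ -g "$1" ]; }

# Numeric group id of $1 (4th column of ls -ldn).
gid_of() { ls -ldn -- "$1" | awk '{print $4}'; }

# Walk through the thread's scenario on a constructed scratch tree.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/www" "$root/www/uploads"
    chmod 755 "$root/www"
    chmod 777 "$root/www/uploads"                 # the testing hack
    echo "world-writable: $(world_writable "$root/www")"
    chmod 755 "$root/www/uploads"                 # undo it
    # Use a supplementary group if this user has one, to make inheritance visible.
    grp=$(id -G | tr ' ' '\n' | sed -n 2p)
    share_with_group "$root/www" "${grp:-$(id -g)}"
    : > "$root/www/test.php"
    echo "dir gid=$(gid_of "$root/www") new file gid=$(gid_of "$root/www/test.php")"
    rm -rf "$root"
}
demo
```

Any account that should edit files in the web root is then added to the shared group rather than given world-write access.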