httpd-users mailing list archives

From Kurtis Rader <>
Subject Re: [users@httpd] Apache permissions stabs new Linux user in face with icepick. Suggestions?
Date Thu, 10 Mar 2016 02:29:25 GMT
On Wed, Mar 9, 2016 at 6:17 PM, Francis Roy <> wrote:

> On 16-03-09 08:44 PM, Eric Covener wrote:
>> If you want to serve out of your home directory, it needs to be
>> executable by "other".
> Thank you, Eric and Kurtis, both. That was the problem.
> I did the following:
>    sudo chmod 755 /home/username
> If I may, a follow-up question: does this create a potential security
> vulnerability on my machine that I should find measures of protecting?

Probably not, but it's not the sort of question anyone can answer without
spending a few days reviewing your situation. The reason most UNIX distros
create the home directory for a user with mode 750 (no public access) is to
make it impossible for other accounts on the machine, which aren't members
of your primary group, to guess whether a file is present by exploiting the
search capability. In other words, if you've done "chmod 751" then even if
I'm not a member of the group that owns your home directory I can execute
"ls /media/username/$filename" commands (or equivalent) to probe whether
$filename exists. It's a potential information leak that could
theoretically be used to launch an attack. Whether that's a concern for you
depends on a lot of factors.

Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
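
An audit sketch for the directory modes discussed in this thread (750, 751, 755), added here as an example and not part of the original message. The function names `other_access`, `audit_chain` and `demo` are hypothetical, and the directories in `demo` are constructed in a temporary location.

```python
import os
import stat
import tempfile

def other_access(path):
    """Classify what accounts outside the owner and group can do with a directory."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    can_list = bool(mode & stat.S_IROTH)    # r: read the directory's entry names
    can_search = bool(mode & stat.S_IXOTH)  # x: resolve a known name inside it
    if can_list and can_search:
        return "list+search"   # e.g. 755: names can be enumerated and opened
    if can_search:
        return "search-only"   # e.g. 751: a guessed name can be tested for existence
    if can_list:
        return "list-only"     # r without x: names readable, entries not reachable
    return "none"              # e.g. 750: no lookups by other accounts

def audit_chain(path):
    """Return (directory, octal mode, classification) for path and every parent up to the root.

    Apache needs search permission on each component of the path it serves,
    so every directory in the chain is worth reviewing, not only the last one.
    """
    results = []
    current = os.path.abspath(path)
    while True:
        mode = stat.S_IMODE(os.stat(current).st_mode)
        results.append((current, format(mode, "03o"), other_access(current)))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return results
        current = parent

def demo():
    """Create constructed directories with the three modes and classify each."""
    base = tempfile.mkdtemp()
    out = {}
    for mode in (0o750, 0o751, 0o755):
        d = os.path.join(base, format(mode, "o"))
        os.mkdir(d)
        os.chmod(d, mode)  # chmod after mkdir so the umask cannot alter the mode
        out[format(mode, "o")] = other_access(d)
    return out

if __name__ == "__main__":
    print(demo())
    for entry in audit_chain(os.path.expanduser("~")):
        print(*entry)
```

Run against a home directory, the chain output shows which components expose search or listing rights to other local accounts, which is the input needed to decide whether to move the served content elsewhere or grant access to the web server's group instead.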
