Security Basics mailing list archives

Re: some permission problem?

From: "Meritt James" <meritt_james () bah com>
Date: Wed, 07 May 2003 12:08:46 -0400

Your /etc directory allows browsing?!?!?!?  Hopefully you have added
/etc so spiders don't snag it!

Jim

buzzdee wrote:


Am Dienstag, 6. Mai 2003 09:29 schrieb SB CH:

Hello, all.

I found that some malicious man browsed /etc/passwd file by httpd.
So I would like to block to see /etc/passwd file by nobody(http user)
permission.


you don't need to worry about the permissions of your /etc/passwd file (of
course you should ;-) if you want to stop users getting it over http. just
add a directive like for your .htaccess files.
<Files ~ "^passwd">
    Order allow,deny
    Deny from all
</Files>
this directive in your httpd.conf should stop users from download files calld
passwd.

hth
buzzdee

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------


-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------

Current thread:

some permission problem? SB CH (May 06)
- Re: some permission problem? Remington Winters (May 07)
  - Re: some permission problem? Jeff Harris (May 07)
- Re: some permission problem? martincad (May 07)
  - Re: some permission problem? Jason Burroughs (May 08)
- Re: some permission problem? buzzdee (May 07)
  - Re: some permission problem? Meritt James (May 07)
- Re: some permission problem? Jason Burroughs (May 07)
- Re: some permission problem? Barry Irwin (May 08)
- <Possible follow-ups>
- Re: some permission problem? SB CH (May 09)
  - Re: some permission problem? Devdas Bhagat (May 12)