disabling file:///home/user viewing in apache on fc3
Paul Howarth
paul at city-fan.org
Wed Aug 10 11:22:55 UTC 2005
Ankush Grover wrote:
> On 8/10/05, Paul Howarth <paul at city-fan.org> wrote:
>
>>Ankush Grover wrote:
>>
>>>hey friends,
>>>
>>> Can anyone tell me how to disabling viewing any user's home directory
>>>contents or any directory contents from the browser.
>>>
>>>If I do file:///home/user on the browser and then I can see the
>>>contents of that user's home directory ,even any user can see the root
>>>or any other user's directory.I want to avoid this ,how can i disable
>>>this on my computer. I am using FC3.
>
>
> But it is a secruity breach.I can't read the files normally as the
> chmod is 770 on users /home/user but through browser I can read the
> files.
You can read the files in a browser as a regular user that you can't
read just using "ls" in a terminal? If that's true then it is indeed a
security issue.
> I did change the settings on home
>
> chmod -R 700 /home/*
This will have made every file under /home executable. Is that really
what you wanted?
> Now users can't view the other user's home directory through browser.
chmod 750 /home/*
or
chmod 770 /home/*
should also work, provided the home directories are set up the in
regular Red Hat/Fedora way, i.e. each user has their own group and their
home directories have the users' own group IDs.
>>Unix/Linux is designed to be open in this way. Regular users are
>>supposed to be able to read most directories and files.
>>
>>If you want to stop users being able to access each other's home
>>directories, just make the home directory permissions 750 or 770.
>
>
> If i change home directory permission to 750 and 770 then normal users
> can't login it.
Sorry, I meant the permissions of each user's home directories, not the
/home directory itself.
Paul.
More information about the fedora-list
mailing list