Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: bakedjake
My question is, are there any security holes or issues with using 755 directories that are owned by "nobody"?
Appreciate any wisdom from you guys. I'm a newb with this subject.
you should think of "nobody" as a complete stranger going through your environment.
think about what you want visible to an unknown/untrusted agent and what you want modifiable or removable by that agent.
i wouldn't give "nobody" ownership or write access to a web script.
if "nobody" happens to be the user name of the server process and it needs write access to something, make sure it is in a safe place.
In order for our scripts to work, we need to have our directories be nobody:eproxim.
This poses a problem. We need to be able to use regular FTP clients without getting errors. Here's an example of an error we're receiving:
553-Can't open that file: Permission denied 553 Rename/move failure: No such file or directory : /www/psdev/Bankroll-Management-101.html
Is there a way around this? What about 644 permissions instead, would this enable us to access these and still be secure?
What if I were to keep the permissions as they are, and use a web-based FTP interface that doesn't use FTP credentials when logging in?
This way the files I'm working with will always belong to nobody. Would I be able to access these files that way though?