I've been causing some (security) concerns for myself by thoughtlessly using the dreaded 777 permissions for upload directories to allow the various PHP-based websites that I host at nearlyfreespeech.net to write files there. What this drastic anti-security measure didn't allow me to do is manage these uploaded files through SSH (and SCP/Rsync). In the chroot jail which I'm allowed to enter through SSH, I am ‘me’, while the files created from PHP end up being owned by user ‘web’. However, for some reason these files didn't get owned by group ‘web’, of which the ‘me’ user is a member. Also, I got into trouble with new directories that were being created by the upload scripts.
By Rowan Rodrik, 2 years ago, on February 08, 2013, at 17:02
A year ago, my web host thoroughly explained how PHP include vulnerabilities can be exploited, hoping that better user education would leave fewer member sites vulnerable to automated attacks by spammer scum.
By Rowan Rodrik, 4 years ago, on November 14, 2010, at 19:11
From its inception, this blog has run on NearlyFreeSpeech.Net's FreeBSD web hosting service. Because of very clever resource sharing (when not serving visitors, a site hardly takes up resources), their pricing has always been very competitive. That, combined with their technical flexibility, support and transparency, has made me more of a fan with every year that I've used their service. Still, sometimes I've been wanting to use something other than CGI (they support many, many programming languages for CGI – even C/C++) or mod_php, like Rails or Django or mod_perl.
By Rowan Rodrik, 4 years ago, on November 14, 2010, at 18:11