Greenguy's Board

Greenguy's Board (http://www.greenguysboard.com/board/index.php)
-   Programming & Scripting (http://www.greenguysboard.com/board/forumdisplay.php?f=15)
-   -   Linkadmin - suexec - 777 problem (http://www.greenguysboard.com/board/showthread.php?t=36880)

eman 2006-12-17 08:08 AM
Linkadmin - suexec - 777 problem
 
Last week I had some security problems on my server which have now largely been addressed, but at a cost - I can't run Linkadmin (Usefulscripts).

Initially it wouldn't load at all - I kept getting a 500 Internal Server Error but I got round that by disabling suexec (whoever she is)

Now I can load the the script and I can do certain things, but I can't review sites - I get this message "Reviewing is not possible because the following files are not writable:" and it gives me a list of the files, all of which are in cgi-bin.

However I'm unable to change the permissions for these files and for certain directories - some of which need to be 777 - I get "access denied".

My hosts now tell me that 777 directories are a huge security risk and they strongly advise against using them. They also recommend that suexec be re-enabled.

Well, that may well be the best solution security-wise, but without Linkadmin I haven't got a site!

I'd be grateful for any suggestions.

I'm thinking that I might do better to cut my ties with linkadmin and switch to another script - one that's properly supported would be nice! Any suggestions, bearing in mind that I've got over 10k links to convert/transfer?
Thanks

MrMaryLou 2006-12-17 08:53 AM
You have a pm :)

boneless 2006-12-17 10:30 AM
suexec cant run on 777 you need to run on 755, its a known issue with all scripts.

eman 2006-12-17 12:43 PM
I think everything's working Ok now - many thanks to MrMaryLou

If you get a problem with submissions please reply to this thread or send me an email.

Thanks

raymor 2006-12-17 12:44 PM
It's always nice to avoid having any directories chmod 777, but sometimes necesary.
On the other hand, there is never any reason at all to EVER use SuExec on a dedicated server.
Doing so only creates huge security problems. Whoever gave you that advice should
either be fired for complete incompetence or enrolled in a system administration class today.
The only thing SuExec can do that is good is to protect you against other
webmasters on a shared server. It does so at the cost of making you much more
vulnerable to outside attackers. What SuExec does is give any visitor to your site
complete permissions to change or delete any of your files or directories.
On a dedicated server it's exactly the same thing as chmod()ing everything 777.

Quote:
However I'm unable to change the permissions for these files and for certain directories - some of which need to be 777 - I get "access denied".
Probably because they are properly owned by use "nobody" rather than your user name.
Any permissions changes would ned to be done by root, but if they are already owned
by "nobody" it may not actually be those files that need to be chmod.
IT may be one of the directroies they are in. The directories containing them
should be chmod 755, or in rare cases 777. If a directory is 666 or 644 or something
you can't access files in it.

eman 2006-12-17 01:16 PM
Quote:
Originally Posted by raymor (Post 319744)
It's always nice to avoid having any directories chmod 777, but sometimes necesary.
On the other hand, there is never any reason at all to EVER use SuExec on a dedicated server.
Thanks for your input, raymor.

I'm addressing this issue with my hosts now.

I'll let you know what they say |thumb


All times are GMT -4. The time now is 09:33 AM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc