Good question.
You need to understand what those permissions are for and what they protect against.
Think of Apache like a person, just like any other user on your system. When Apache runs, it gets a userid just like you or I would. And we need to explicitly state that the user named "apache" (or "web-root" or whatever name your sysadmin chose for Apache) is allowed to WRITE to a certain DIRECTORY.
One solution (which you have already found) is to open up the permissions on the directory so that everyone (user, group, world) has read/write access. Another solution is to make a PDF directory that is OWNED by Apache. This way, the files that are created inside the directory will automatically be owned by Apache and instead of having to make the directory wide open (777), you really only have to make it 755 or possibly even 700.
So next we have to talk about attack vectors. You need to decide what scenarios you want to protect yourself from.
1. Are you worried about some kid with a web browser typing in a URL and seeing someone else's PDF?
2. Are you worried about some hacker cracking your Linux box and rooting around directories and discovering this PDF directory and reading all the contents?
3. Or are you worried about guys with guns breaking into your ISP and forcing the sysadmin to hook up a keyboard to your web server so that they can rifle through all the files on your web server?
Setting permissions one way or the other isn't going to protect you from attacks #2 or #3. Once they're into your box, permissions aren't going to stop them.
So I'm guessing that you're concerned about vector #1. You could set the permissions to 700 and the kid won't be able to see someone else's PDFs, but the real owner of the PDFs won't be able to see them either.
There are a number of solutions.
My favorite is very simple: put all the PDFs in a directory with simple 755 permissions but give them random unguessable names. Pick 25 random letters and numbers. There's your filename. Make sure the outside world can't see the directory. (Either configure Apache so that directory listings are off or put a blank index.html file in the directory). Now, someone would have to guess trillions upon trillions of possible filenames.
One problem here is that someone could use a program like Wireshark to sniff the line and find out what PDF their boss was just looking at and now they don't need to guess, they simply type in that filename. Using SSL will protect you from that.
So you could give everyone their own htaccess username/password. This is a little tricky to set up and it's still vulnerable to the line sniffing which is why SSL is used. You could set up a web page based username and password and combined with SSL, you'd be reasonably well protected. That is, the user could request a certain PDF file but without the username/password, you don't send it to them. (Note: Do not use a JavaScript based username/password system as those are a joke).
There are lots more exotic techniques to protect the data but what you see above should suffice unless you are designing stuff for banks or the CIA.
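
The random-filename approach from the answer above, sketched in Python as an added example (not code from the original post). The function names, the lowercase-plus-digits alphabet, the ".pdf" suffix and the 644 file mode are assumptions; the 25-character name, the 755 directory and the blank index.html come from the answer. Names are drawn from the OS CSPRNG via secrets, because a name built from a timestamp or the random module can be predicted.

```python
import math
import os
import secrets
import string
import tempfile

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols (assumed alphabet)
NAME_LEN = 25  # "25 random letters and numbers" from the answer


def random_pdf_name() -> str:
    """Return an unguessable filename drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(NAME_LEN)) + ".pdf"


def name_entropy_bits() -> float:
    """Bits of guessing work an outsider faces for one name."""
    return NAME_LEN * math.log2(len(ALPHABET))


def prepare_pdf_dir(path: str) -> None:
    """Create the PDF directory as 755 with a blank index.html inside."""
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o755)  # explicit chmod: the makedirs mode is masked by umask
    index = os.path.join(path, "index.html")
    os.close(os.open(index, os.O_WRONLY | os.O_CREAT, 0o644))
    os.chmod(index, 0o644)


def store_pdf(directory: str, data: bytes) -> str:
    """Write data under a fresh random name and return that name."""
    name = random_pdf_name()
    full = os.path.join(directory, name)
    # O_EXCL: fail instead of overwriting if the name somehow already exists
    fd = os.open(full, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(full, 0o644)  # assumed file mode: readable, writable only by owner
    return name


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # stand-in for the real web directory
        pdf_dir = os.path.join(tmp, "pdf")
        prepare_pdf_dir(pdf_dir)
        print(store_pdf(pdf_dir, b"%PDF-1.4\n% constructed sample\n"))
        print(round(name_entropy_bits(), 1), "bits per name")
```

Run this as the same user Apache runs as, so the directory and files end up owned by that user as the answer describes.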