Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

File folder permissions for Linux web server (Amazon EC2)

Posted on 2014-01-05
3
Medium Priority
?
1,116 Views
Last Modified: 2014-01-06
hi guys

I have a web server in the cloud hosted with Amazon cloud. It's a linux server.

Not long ago, the website was badly compromised due to flaws in the PHP code. So the hacker was able to 'inject' some sort of code and was able to make changes to the php file.

The security holes in the PHP code have been patched. However, we're still worried of something like that happening in the future.

As it stands, the files and folders on the public facing side seem to have the 775 permissions. The owner of this group is the actual EC2-user, which is the default user. However you can only access the files/folders as this user if you have a special private key, otherwise you can't (well, the hacker evidently did when the site was vulnerable).

Question is, if this was you, how would you tighten the security? Would you create a new user and set all files and folders on the public side to have 755 permissions and make that user the owner of those files/folders?

thank you
Yash
0
Comment
Question by:Yashy
  • 2
3 Comments
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 39757895
If you can get in as owner, you can always change permissions. Do the files need to be group-writable? They should only be group writable if it's actually necessary.
0
 
LVL 1

Author Comment

by:Yashy
ID: 39758040
The don't need to be group writeable no.

Point is, the new user I create will be given to our developers. So in terms of ownership, what would you change? (if i'm being too vague, let me know what you need and I'll provide more info)

THanks
0
 
LVL 35

Accepted Solution

by:
Duncan Roe earned 2000 total points
ID: 39758684
As root, I would do a chown -R on the system so all the files belong to the newly created user. Still no need for group write I should think.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
Suggested Courses
Course of the Month12 days, 10 hours left to enroll

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question