asked on File folder permissions for Linux web server (Amazon EC2)
hi guys
I have a web server in the cloud hosted with Amazon cloud. It's a linux server.
Not long ago, the website was badly compromised due to flaws in the PHP code. So the hacker was able to 'inject' some sort of code and was able to make changes to the php file.
The security holes in the PHP code have been patched. However, we're still worried of something like that happening in the future.
As it stands, the files and folders on the public facing side seem to have the 775 permissions. The owner of this group is the actual EC2-user, which is the default user. However you can only access the files/folders as this user if you have a special private key, otherwise you can't (well, the hacker evidently did when the site was vulnerable).
Question is, if this was you, how would you tighten the security? Would you create a new user and set all files and folders on the public side to have 755 permissions and make that user the owner of those files/folders?
thank you
Yash
I have a web server in the cloud hosted with Amazon cloud. It's a linux server.
Not long ago, the website was badly compromised due to flaws in the PHP code. So the hacker was able to 'inject' some sort of code and was able to make changes to the php file.
The security holes in the PHP code have been patched. However, we're still worried of something like that happening in the future.
As it stands, the files and folders on the public facing side seem to have the 775 permissions. The owner of this group is the actual EC2-user, which is the default user. However you can only access the files/folders as this user if you have a special private key, otherwise you can't (well, the hacker evidently did when the site was vulnerable).
Question is, if this was you, how would you tighten the security? Would you create a new user and set all files and folders on the public side to have 755 permissions and make that user the owner of those files/folders?
thank you
Yash
LinuxWeb ServersCloud Computing
Last Comment
Duncan Roe
If you can get in as owner, you can always change permissions. Do the files need to be group-writable? They should only be group writable if it's actually necessary.
ASKER
The don't need to be group writeable no.
Point is, the new user I create will be given to our developers. So in terms of ownership, what would you change? (if i'm being too vague, let me know what you need and I'll provide more info)
THanks
Point is, the new user I create will be given to our developers. So in terms of ownership, what would you change? (if i'm being too vague, let me know what you need and I'll provide more info)
THanks
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.