security centos mod-php

mod_php and world writable files on a VPS


I have a CentOS 5.8 VPS which is running mod_php rather than FastCGI, which I'm used to on shared hosting, and I've run into the problem that various bits of PHP intended to write to files need those files to be world writable. The files that are written are like the database for the website, and the RSS XML. This isn't secure, is it? What should I do to make it secure?


Solution

  • Who has access to this machine? In other words, who is "world" in this scenario? If it is only you, then you don't have anything to worry about, do you?

    However, if this system is shared with other people, do you trust all of the admins? If you don't, there's very little you can do to protect your files.

    If it is other non-admin users on the system that you are worried about, then you do not want to make your database world-writable. If you cannot write to those files, then the process writing to them (mysql, apache, etc.) is running as the wrong user. Preferably, you'd want your files to be owned by the same user as those processes are running under - but only if you can trust that user! If you can't, then you're probably straight out of luck.
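
One way to act on the advice above, as an added example that is not part of the original answer: find the world-writable files under a web root, hand each one to the account the web server runs as, and drop access for everyone else. It assumes httpd (and therefore mod_php) runs as `apache`, the CentOS package default; the function names and the web root path are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten files that PHP under mod_php must write.
# Assumptions: httpd runs as user "apache" (CentOS package default);
# function names and the example path are hypothetical.

# Print every regular file under $1 that has the world-writable bit set.
list_world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Number of world-writable files under $1, for a before/after check.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Make $1 owned by the web server account ($2, default apache) and set mode 660.
# Only the owner changes; the group stays as it was, so the site account can
# keep group access. chown needs root: when run unprivileged, the ownership
# change is skipped and only the mode is tightened.
hand_to_webserver() {
    file=$1
    owner=${2:-apache}
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$file" || return 1
    fi
    chmod 660 "$file"
}

# Apply hand_to_webserver to every world-writable file under $1.
# File names containing newlines are not handled by this loop.
fix_tree() {
    list_world_writable "$1" | while IFS= read -r f; do
        hand_to_webserver "$f" "${2:-apache}" || echo "failed: $f" >&2
    done
}

# Example (as root, hypothetical path):
#   list_world_writable /var/www/html
#   fix_tree /var/www/html apache
```

Run `list_world_writable` first and review the output before calling `fix_tree`, since mode 660 also removes world read access from the files it touches.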