Howto::WebWritableDir
Latest revision as of 14:37, 14 January 2022
Make a directory writable by webscripts for interactive websites
Introduction
The trend in websites is toward interactive, dynamic pages rather than static ones. Users increasingly want to run dynamic websites such as blogs and CMS-based systems. These systems usually require one or more directories to be writable by the webscripts. By default, web directories are not writable by webscripts. A directory writable by webscripts that is left unsecured can easily be taken advantage of by hackers to run any code they want. This document explains how to set up and secure a directory to be writable by webscripts.
Set up directory
Making a directory writable by all users is the wrong way to do this! Here is the proper way:
- Create the directory if it does not already exist.
- Make sure the group ownership of the directory is set to 'web'. If it is not, contact Techstaff and they can change the group ownership.
- Run the following command on the directory:
chmod 2775 "path to directory"
Secure the directory
This step is very important to prevent your website from getting hacked!
- Create a .htaccess file in the writable directory with the following text:
AddHandler cgi-script .php .pl .jsp .asp .sh .cgi
Options -ExecCGI
- This maps the listed extensions to the CGI handler and then turns CGI execution off, which prevents scripts inside this directory from running.
- Set permissions on the .htaccess file with the following command:
chmod 755 "path to .htaccess file"
- This will prevent webscripts from being able to modify the .htaccess file.
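A check for the setup above, added here as an example and not part of the original page: it verifies the group, the 2775 mode, the two .htaccess directives, and that .htaccess is not group- or world-writable. The function name `audit_web_writable_dir` is hypothetical, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit a web-writable directory against the steps on this page.
# Assumptions: GNU coreutils stat (-c); audit_web_writable_dir is a made-up name.

audit_web_writable_dir() {
    dir=$1
    want_group=${2:-web}    # group named on this page
    ht="$dir/.htaccess"
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi

    # "Set up directory": group ownership and chmod 2775 (setgid + rwxrwxr-x)
    grp=$(stat -c '%G' "$dir")
    mode=$(stat -c '%a' "$dir")
    [ "$grp" = "$want_group" ] || { echo "FAIL: group is $grp, expected $want_group"; rc=1; }
    [ "$mode" = "2775" ] || { echo "FAIL: mode is $mode, expected 2775"; rc=1; }

    # "Secure the directory": .htaccess must exist and carry both directives
    if [ ! -f "$ht" ]; then
        echo "FAIL: $ht is missing"
        return 1
    fi
    grep -Eq '^[[:space:]]*AddHandler[[:space:]]+cgi-script[[:space:]]' "$ht" ||
        { echo "FAIL: AddHandler cgi-script line missing"; rc=1; }
    grep -Eq '^[[:space:]]*Options[[:space:]]+-ExecCGI' "$ht" ||
        { echo "FAIL: Options -ExecCGI line missing"; rc=1; }

    # .htaccess must not be writable by group or others (octal bits 022)
    htmode=$(stat -c '%a' "$ht")
    if [ $(( 0$htmode & 022 )) -ne 0 ]; then
        echo "FAIL: $ht mode $htmode is group- or world-writable"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $dir matches the documented setup"; fi
    return "$rc"
}

# Run directly as: sh audit.sh "path to directory" [group]
if [ $# -gt 0 ]; then audit_web_writable_dir "$@"; fi
```

Rerun it after installs or upgrades: the mode on .htaccess stops in-place edits, but the directory itself stays group-writable, so the file's contents are worth rechecking.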