Howto::WebWritableDir: Difference between revisions

From Computer Science Wiki
Jump to navigation Jump to search
Carnold (talk | contribs)
Created page with " == Make a directory writable by webscripts for interactive websites == === Introduction === The trend in websites are to be more interactive and dynamic versus static pages...."
 
Carnold (talk | contribs)
No edit summary
Line 9: Line 9:
* Create the directory if it does not already exist.
* Create the directory if it does not already exist.
* Make sure the group ownership of the directory is set to 'web'.  If not, then contact the techstaff and they can change the group ownership.
* Make sure the group ownership of the directory is set to 'web'.  If not, then contact the techstaff and they can change the group ownership.
* Run the following command on the directory: chmod 2775 "path to directory"
* Run the following command on the directory: <code>chmod 2775 "path to directory"</code>


=== Secure the directory ===
=== Secure the directory ===
Line 19: Line 19:
</code>
</code>
* This will prevent scripts inside this directory from running.
* This will prevent scripts inside this directory from running.
* Set permissions on the .htaccess file with the following command: <code>chmod 755 "path to .htaccess file"</code>
* This will prevent webscripts from being able to modify the .htaccess file

Revision as of 09:17, 11 January 2013

Make a directory writable by webscripts for interactive websites

Introduction

The trend in websites are to be more interactive and dynamic versus static pages. Users increasingly want to run dynamic websites such as blog and CMS based systems. These systems usually require a directory or multiple directories to be writable by the webscripts. By default, web directories are not writable by webscripts. A directory writable by webscripts left unsecured can be easily taken advantage of by hackers to run any code they want. This document will explain how to set up and secure a directory to be writable by webscripts.

Set up directory

Making a directory writable by all users is the wrong way to do this! Here is the proper way:

  • Create the directory if it does not already exist.
  • Make sure the group ownership of the directory is set to 'web'. If not, then contact the techstaff and they can change the group ownership.
  • Run the following command on the directory: chmod 2775 "path to directory"

Secure the directory

This step is very important to prevent your website from getting hacked!

  • Create a .htaccess file in the writable directory with the following text:

AddHandler cgi-script .php .pl .jsp .asp .sh .cgi

Options -ExecCGI

  • This will prevent scripts inside this directory from running.
  • Set permissions on the .htaccess file with the following command: chmod 755 "path to .htaccess file"
  • This will prevent webscripts from being able to modify the .htaccess file