Topic: Securing major open source projects 777 folders and files collaboration effort


David M. Graham

http://ubuntuforums.org/showthread.php?t=439610 has some helpful suggestions on how to discover file metadata.

Still not sure what you want to accomplish here.  777 file permissions and the absence of an .htaccess file are different issues.  Would expect that deploying a basic htaccess file to the skel directory would take care of this.  Might be useful to have a script that checks periodically to assure one remains present at least.

As for the file ownership / permissions issue, this would appear to be a good time to re-evaluate the use of PHP is_*  test functions as found on the File System Functions page of the PHP manual.

As I recall, at one point these were pretty darn flakey in one way or another. Possibly the fact that they tend to behave strangely on WAMP servers may have negatively impacted development flow in the view of some WAMP-centric PHP developers, but I seem to recall it being a bit more involved than that.

Still, time to look at it again..

David

inetbiz

Does anyone know how to bash check the GID for webserver? If we change the folder permissions to 6775, we need to own the group to the apache webserver group name.

inetbiz

What I would like to do is possibly read from a Fantastico installation, and/or a list of common open source projects or a way to target vulnerable locations and change permissions and write out .htaccess if none exist in locations everyone thinks should be secured. Some open source projects already include an .htaccess file that they think is necessary so our script will only enhance them.

inetbiz

OK, we all face issues with new and old accounts having folders and files with 0777. What I would like to do is gather collaboration from many Linux admins and bash scripting freelancers. We allow signatures to point back to your website, so how about helping out?

Here is the location: StrikeHawk 777 folder permissions bash script

What I currently am building upon is:
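Code:
#!/bin/bash
# Reset ownership and strip 0777 modes under each cPanel user's public_html.

# One entry per cPanel account; skip system accounts.
ls /var/cpanel/users | grep -v "root\|nobody\|mysql" | while IFS= read -r CUSER; do
    # Tilde expansion does not apply to a variable, so look up the home directory.
    CPATH=$(getent passwd "${CUSER}" | cut -d: -f6)

    if [ -n "${CPATH}" ] && [ -d "${CPATH}/public_html" ]; then
        chown -Rhc "${CUSER}:${CUSER}" "${CPATH}/public_html"/*
        # -exec ... + copes with names containing spaces, unlike a bare xargs pipe.
        find "${CPATH}/public_html" -type d -perm 0777 -exec chmod 0755 {} +
        find "${CPATH}/public_html" -type f -perm 0777 -name '*.php' -exec chmod 0640 {} +
    fi
done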
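
An added example, not part of the thread or of any poster's script: a read-only audit that can run before a permission-changing script like the one above. It goes beyond the exact 0777 match by listing every world-writable file or directory, and it reports which of a caller-supplied list of directories lack an .htaccess file. The function names, directory names and demo tree are constructed for illustration.

```bash
#!/bin/bash
# Added example: read-only audit of one document root; it changes nothing.

# Print every world-writable file or directory (any mode with the o+w bit
# set, e.g. 0777, 0666, 0757). Symlinks are skipped: their mode bits are unused.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print the directories (given relative to the docroot in $1) that exist
# but hold no .htaccess file. Nonexistent directories are ignored.
list_missing_htaccess() {
    docroot=$1; shift
    for rel in "$@"; do
        if [ -d "$docroot/$rel" ] && [ ! -f "$docroot/$rel/.htaccess" ]; then
            printf '%s\n' "$docroot/$rel"
        fi
    done
}

# Build a small constructed tree so the audit can be tried offline.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/images" "$root/includes" "$root/cache dir"
    touch "$root/index.php" "$root/includes/configure.php" "$root/includes/.htaccess"
    chmod 0644 "$root/index.php" "$root/includes/.htaccess"
    chmod 0755 "$root/includes"
    chmod 0777 "$root/images" "$root/cache dir"
    chmod 0666 "$root/includes/configure.php"   # an exact "-perm 0777" test misses this
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
echo "World-writable:"
list_world_writable "$demo"
echo "Directories without .htaccess:"
list_missing_htaccess "$demo" images includes "cache dir"
rm -rf "$demo"
```

Paths are printed one per line, so a file name containing a newline would be split across two lines of the report.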