[SLUG] Ignorance alert: permissions
Paul Teasdale
pdt at ryetek.co.uk
Tue Sep 11 13:01:59 BST 2007
>> Why? What's being executed? A jpeg doesn't get executed?
>
> I never figured this out either, it could be that apache does an
> arbitrary check for certain permissions and forbids access otherwise.
> For example I know that if permissions aren't spot on with our .htaccess
> then the process just quits.
>
It's probably down to the fact the rwx don't mean read, write and excute on
a directory if I remember rightly.
On a directory "r" means allow contents to be listed (via ls for example),
"w" means read, write and delete and "x" means enter directory (via cd for
example). It's therefore probably down to the fact that the web server
(which is running as a specific user) simply cannot enter the directory and
therefore cannot serve the file.
One thing that interests me more here is how a file has been hacked in the
first place. OK, poor file permissions may not have helped but how as access
been gained in the first place? Reviewing your file permissions is good but
it's not stopping the root of the problem.
Regards,
Paul.
More information about the Scarborough
mailing list