Joined: Feb 2001
Posts: 12
Junior Member
Hi, I have quite a dilemma here. My boss just hired this guy to do PHP scripting for us, so he gave him access to our server (not root). He is also a member on our BBS now. I have caught this guy editing his Member File to up his posts and even change his access. My boss won't fire him, so what I want to know is: is there ANY possible way to lock this guy out of the /Members directory? Or, if not lock him out, make it so he cannot edit any file in that directory? The fact that the cgi files in the members dir must be 777 is really making this hard to do. Any suggestions? We are using Red Hat Linux. Thanks
[ February 18, 2001: Message edited by: SeanD ]
Joined: Jul 2000
Posts: 1,349
Member
Shouldn't those files be 775 / 755?
I *think* the solution is to find out what the webserver runs as (probably user "nobody") and (assuming you have root access) type:
chown nobody.nobody -R /path/to/Members
chmod 0755 -R /path/to/Members
(Where "/path/to/Members" is obviously the path to your members directory. :))
That should block the reading/writing of the member files to anyone except a superuser, and the webserver (Apache?).
Joined: Feb 2001
Posts: 12
Junior Member
Thanks so much for your reply, it worked great except for ONE major issue. For some reason IP decided to hard code into the scripts to change the member cgi files to 0777 every time you reply or post a new topic. So I had to go into ubb_new_reply.cgi and ubb_new_topic.cgi and change four lines that had 0777 to 0755; they are the lines that have $user_member.cgi in them. Also I had to change the file ubb_registration because there is a line in there that has the word $next_number.cgi to create each new member file as 0777. Why in the world would Infopop insist on making the permissions 777 when they clearly do not have to be?
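Added example, not part of the original posts and not Infopop's code: shell functions for the audit this exchange describes, listing member files that are still world-writable, finding chmod calls in the board scripts that hard-code 0777, and resetting loose files to the 0755 suggested above. The directory layout and the Perl lines written by `demo_setup` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Members directory and the board's .cgi scripts
# for the 0777 problem discussed in this thread.

# Print every regular file under $1 that is writable by "other".
world_writable() {
    find "$1" -type f -perm -0002 -print | sort
}

# Print file:line:text for each chmod call using mode 0777 in $1/*.cgi.
# /dev/null is passed as an extra file so grep always prints the file name.
hardcoded_777() {
    grep -n -E 'chmod[[:space:]]*\(?[[:space:]]*0777' "$1"/*.cgi /dev/null 2>/dev/null
}

# Reset every world-writable file under $1 to 0755 (run as root or as the
# owning user; the files should already belong to the web server user).
tighten() {
    find "$1" -type f -perm -0002 -exec chmod 0755 {} +
}

# Build a constructed sample tree and print its path. File names and the
# Perl lines are made up for the demo, not taken from the real scripts.
demo_setup() {
    d=$(mktemp -d) || return 1
    mkdir "$d/Members" "$d/cgi-bin"
    echo 'member 1' > "$d/Members/00000001.cgi"
    echo 'member 2' > "$d/Members/00000002.cgi"
    chmod 0777 "$d/Members/00000001.cgi"
    chmod 0755 "$d/Members/00000002.cgi"
    printf '%s\n' 'open(F, ">>$file");' \
        'chmod (0777, "$MembersPath/$user_member.cgi");' \
        > "$d/cgi-bin/ubb_new_reply.cgi"
    printf '%s\n' 'chmod (0755, "$MembersPath/$user_member.cgi");' \
        > "$d/cgi-bin/ubb_new_topic.cgi"
    echo "$d"
}
```

Running `hardcoded_777` again after each board upgrade shows whether an update has put the 0777 calls back.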
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
Because on some servers, they have to be. If this guy continues being a PITA, change his member file to 444 - that will prevent ANYONE from editing it, just reading it... Confronting him directly might be wise as well.
[ February 18, 2001: Message edited by: Charles Capps ]
UBB.classic: Love it or hate it, it was mine.
Joined: Jul 2000
Posts: 1,349
Member
And if physical violence doesn't work, rm -R his home directory.