[horde] Files permissions ?

Ole Wolf ole at naturloven.dk
Fri Oct 5 11:41:29 UTC 2012 

On fre, 2012-10-05 at 12:21 +0200, Per Josefsson wrote:

> Possibly ou could take a look at 
> http://www.horde.org/apps/horde/docs/INSTALL and prticularly the 
> "Securing Horde" section.


In addition to what is suggested in that section, I prefer to assign
www-data as an owner only to those files and directories where the web
server requires write access. In my horde directory, the permissions
look like this:

drwxr-xr-x 24 www-data root      4096 maj 29 19:38 .
drwxr-xr-x 14 root     root      4096 sep 29 13:01 ..
drwxr-xr-x  5 root     root      4096 maj 29 19:38 admin
drwxr-x---  2 www-data root     12288 okt  5 12:46 cache
drwxr-xr-x  3 www-data www-data  4096 maj 29 19:38 config
drwxr-xr-x  6 root     root      4096 okt 16  2011 content
drwxr-xr-x  8 root     root      4096 apr 11 12:55 gollem
-rw-rw-r--  1 root     root       203 maj 29 19:38 .htaccess
drwxr-xr-x  9 root     root      4096 jul 21 11:02 imp
-rw-rw-r--  1 root     root      3478 maj 29 19:38 index.php
drwxr-xr-x  9 root     root      4096 jun 26 13:15 ingo
-rw-r--r--  1 wolf     wolf      1431 okt 17  2011 ingo.imap4flags.patch
drwxr-xr-x 12 root     root      4096 jul  1 08:41 js
drwxr-xr-x 12 root     root      4096 maj 14 11:01 kronolith
drwxr-xr-x  7 root     root      4096 maj 29 19:38 lib
drwxr-xr-x 45 root     root      4096 maj 29 19:38 locale
-rw-rw-r--  1 root     root     12407 maj 29 19:38 login.php
drwxr-xr-x 11 root     root      4096 maj 29 19:38 mnemo
drwxr-xr-x 11 root     root      4096 maj 29 19:38 nag
-rw-rw-r--  1 root     root      1887 maj 29 19:38 rampage.php
drwxr-xr-x  2 root     root      4096 maj 29 19:38 rpc
-rw-rw-r--  1 root     root      5403 maj 29 19:38 rpc.php
drwxr-xr-x  3 root     root      4096 jun  6  2011 scripts
drwxr-xr-x 10 root     root      4096 maj 29 19:38 services
-rw-rw-r--  1 root     root      2842 maj 29 19:38 signup.php
drwxr-xr-x  2 www-data root     28672 okt  5 12:46 static
drwxr-xr-x 15 root     root      4096 maj 29 19:38 templates
-rw-rw-r--  1 root     root      7781 maj 29 19:38 test.php
drwxr-xr-x 32 root     root      4096 nov  2  2011 themes
drwxr-xr-x  4 root     root      4096 jun  6  2011 timeobjects
drwxr-xr-x 10 root     root      4096 jul 21 11:02 turba
drwxr-xr-x  2 root     root      4096 maj 29 19:38 util

The configuration files have somewhat stricter permissions where
necessary; for example, in the horde config directory:

drwxr-xr-x  3 www-data www-data  4096 maj 29 19:38 .
drwxr-xr-x 24 www-data root      4096 maj 29 19:38 ..
-rw-------  1 www-data www-data  8751 sep 21 21:57 conf.bak.php
-rw-------  1 www-data www-data  8826 sep 21 21:57 conf.php
-rw-rw-r--  1 root     root     96536 maj 29 19:38 conf.xml
-rw-rw-r--  1 root     root        14 maj 29 19:38 .htaccess
-rw-rw-r--  1 root     root     16521 maj 29 19:38 mime_drivers.php
-rw-rw-r--  1 root     root       557 maj 29 19:38 motd.php
-rw-rw-r--  1 root     root      7961 maj 29 19:38 nls.php
-rw-rw-r--  1 root     root     21298 maj 29 19:38 prefs.php
drw-------  2 www-data www-data  4096 maj 29 19:38 registry.d
-rw-rw-r--  1 root     root     10226 maj 29 19:38 registry.php
-rw-rw-r--  1 root     root       544 maj 29 19:38 spelling.php

-- 
Ole Wolf
Rødhættevej 4 • 9400 Nørresundby
Telefon: 9632-0108 • Mobil: 2467-5526 • Skype: ole.wolf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.horde.org/archives/horde/attachments/20121005/4638c9f7/attachment.bin>

More information about the horde mailing list