File permissions, 
and how they relate to your web server.

How to read permissions:

First off you need to know how to use the ls (LiSt) command.
If you have a shell account go ahead and connect to the server.
Even if you don't have a shell account but instead have your own computer with Linux on it, that's even better :). Okay, now that you have your shell open, type "ls -l" (without quotes). This lists all non-hidden files in long form.
If you want to view all files/folders, including the hidden ones, type "ls -al" (without quotes). Now, assuming you used "ls -al", you should see something like this...

drwx------ 23 eboy eboy 4096 Aug 29 22:58 ./
drwxr-xr-x 5 root root 4096 Aug 23 20:13 ../
-rw------- 1 eboy eboy 2535 Aug 29 23:05 .bash_history

I know you will have more files listed than that, but at least you can see what it looks like. The format that shows up is as follows...

Permissions  File numbers  Owner  Group  Size  Last modified  File/directory
----------   1             eboy   eboy   4000  Aug 29 20:52   myfile

Now let's move on to the permissions and what they mean.
There are 10 permission slots for each file. The very first slot is the directory position. If the first space has a d it means that the object is a directory.
Note: All directories have the x attribute marked. Don't confuse this with the execute permission for executable files.
You saw this with the folder "./" in the example above.

The next 3 places are for the owner of the file. The first of the three slots shows if it's readable by the owner. The next spot shows if it's writable by the owner. Finally, the last slot shows if the file is executable by the owner; for example, it might be a shell script. This way you don't have to type "sh shellscript.sh" to execute the script. You can just type "./shellscript.sh".

The next 3 slots are the permissions of the group the owner is in. The possibilities are read, write and execute as mentioned above.

The last 3 slots show the permissions for everyone else.

File numbers:

You saw above that there is a place where it shows the number of files. Obviously this is set to 1 if the object is a file. If it's a directory it will have at least 2. If the number is 2 then that means there is a directory with some files in it. However if the number listed is 3 it means the directory has some files and another directory inside the first one. I know that may be a little confusing, but play with it to see how it works :).

Owner:

The next spot you can see is where the owner of the file is listed. If you are the owner of a file you can set permissions (very fun :). This allows you to control who can read, write or execute a file.

Group:

Okay, we are almost done. The next part we come across is the name of the group that the owner of the file is in. You can use this if, for example, you only want yourself and the people in a specific group to view your file(s). Say you are in a programming group named cfreaks. If you wanted the people in the group to be able to access your files/directories, you would set the group and then the permissions for the files as we did above. We will cover permission setting later on.

Size:

The next place you see is where the size of the file is listed. This measures how large the file is in bytes. When you are in the terminal, type "du <filename>" to show the size of a specific file.

Last modified:

Okay, I think this is fairly simple to understand :). This shows the day and the time that the file/folder was last edited.

File/Directory Name:

This is the last part we need to look at :) I think you can figure this out too. This slot holds the name of the file or the directory that was listed using the "ls" command.

Commands for this topic:

There are 3 commands you will be using in the next couple of sections: chgrp, chmod, and chown. You can probably guess what each of these stands for, but just in case: chgrp = change group, chmod = change mode, chown = change owner.

chgrp:

The command chgrp changes the group for a specific file or directory. The format for this command is as follows: "chgrp <group> <file>". Let's say we have a file named "program.c". You need to put it in the programming group so that all the programmers can view your work. To change the group to cfreaks you would type "chgrp cfreaks program.c". Now, if you type "ls -l program.c" you would see something like this.

-rw-rw---- 1 eboy cfreaks 2535 Aug 29 23:05 program.c

Notice that the permissions are set to read and write for both the user and the group.

chown:

The syntax of this command is almost the same as the chgrp command: "chown <owner> <file>". If you are moving your files from one user to another user, you need to have access to them. For this example you have a file named files.zip.
You are moving from user eboy to cowboy. Once you move the files.zip file it may still have eboy as owner. So you would type "chown cowboy files.zip". "ls -l cowboy" reveals the following.

-rw------- 1 cowboy eboy 2535 Aug 29 23:25 files.zip

Uh oh, you should probably change the group unless you want eboy to still have access to it. For security reasons you would want to "chgrp cowboy files.zip".

chmod:

This command is a bit more complicated than the ones mentioned above. The syntax is almost the same; here it is: "chmod <mode> <file>". Okay, first off we need to see the options we have in order to set them. Here is a list of the digits that make up the 3-digit number used to set the permissions.

0 - No read, write, or execution permission
1 - execute file only
2 - write
3 - execute, write (2+1)
4 - read
5 - execute, read (1+4)
6 - write, read (2+4)
7 - execute, write, read (1+2+4)

When setting permissions with numbers you enter 3 digits, one for each of the groups of permissions. The first digit contains the permissions for the owner of the file, the second contains the permissions for the group, and the third contains the permissions for everyone else. Here is an example command: "chmod 700 myprog.sh". This sets the permissions so that you can read, write and execute, but no one in your group or anyone else has access to it. The system administrator can still read your file, so if it's important you will want to encrypt your file.
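
An added example (not part of the original tutorial) that ties the 10 slots from "How to read permissions" to the chmod digits above: it converts the permission field printed by "ls -l" into the 3 digits you would give to chmod. The function name mode_to_digits is made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original tutorial): turn the 10-slot
# permission field shown by "ls -l" into the 3 digits used with chmod.

mode_to_digits() {
    perms=$1
    if [ "${#perms}" -ne 10 ]; then
        echo "expected 10 permission slots, got: $perms" >&2
        return 1
    fi
    digits=""
    start=2                       # slot 1 is the directory position
    for who in owner group others; do
        slots=$(printf '%s' "$perms" | cut -c "$start-$((start + 2))")
        digit=0
        case $slots in r??) digit=$((digit + 4)) ;; esac   # read
        case $slots in ?w?) digit=$((digit + 2)) ;; esac   # write
        # s and t appear in the execute slot when SUID/SGID/sticky is set
        # and execute is also on; capital S/T mean execute is off.
        case $slots in ??[xst]) digit=$((digit + 1)) ;; esac
        digits="$digits$digit"
        start=$((start + 3))
    done
    printf '%s\n' "$digits"
}

# Permission fields taken from the listings in this tutorial.
for sample in drwx------ drwxr-xr-x -rw------- -rw-rw----; do
    printf '%s -> chmod %s\n' "$sample" "$(mode_to_digits "$sample")"
done
```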

How this relates to your web server:

Okay, you are running a web server, and you have a directory full of your pictures. The pictures are in the directory “images”. If you are like most people, your images directory will be viewable by any person that digs far enough into your web page. When someone pulls up the source and sees something like this… SRC=”images/background.gif” they see the path that background.gif sits in. Now, if they were to open their web browser to “http://www.server.com/images” they would see a list of the images inside the directory. Here is another example.
If you install the docs for Apache on Linux, the docs are put in the HTML directory by default. The directory they sit in is “manual”. You can open your web browser to “http://localhost/manual” and you will see the listing of docs. This isn’t a big security threat, but you probably want to move the manual folder to some place else. A bigger threat would be, say, an exposed CGI-BIN folder. Anyways, this is what you would see.


Index of /manual

Name              Last modified      Size  Description

Parent Directory  16-Jul-2002 15:21  -
mod/              03-Jul-2002 15:40  -

Apache/1.3.23 Server at victim.com Port 80


Go through each of the directories and see if they are vulnerable (the fix is coming up). Personally I don’t like people snooping through my files :).

How to fix it:

Taking what you learned from the above sections, you can easily apply it to the files sitting on your server. If you wanted to secure the folder “manual” you would go to the directory of your web files and type “chmod 700 manual” (remember, directories have the executable slot marked, so you need to set the permissions to 700 instead of 600). This will secure the folder “manual”.

Once it’s secured try to access it again. You should get something like this.

Forbidden
You don't have permission to access /manual/ on this server.

Apache/1.3.23 Server at victim.com Port 80

Another approach:

There is another, easier way to secure your web directories. All you need to do is add 1 HTML page named index.html (the default main page for each directory). Put the file in the directory you want to secure. If someone attempts to view your directory, say “tutorial” located at “www.victim.com/tutorial”, the index.html that exists in the tutorial directory will be shown. One thing you might want to do here, if you have a page with tutorial information on it, is link the page in the tutorial directory to the tutorial page. You could also just link it to the main index.html. Be creative. : ) Enjoy!
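
An added example (not part of the original tutorial) that checks a web directory tree against both fixes described above: it lists every directory that the "everyone else" slots leave readable and enterable and that has no index.html. It assumes the web server runs as a user that is neither the owner nor in the group of the files; find_listable_dirs is a name made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report directories under
# a web root that could still be shown as a file listing.
#
# Assumptions: the web server runs as a user that is neither the owner nor
# in the group of the files (so the "everyone else" slots decide access),
# and index.html is the default page, as in the text.

find_listable_dirs() {
    docroot=$1
    # A directory without x for everyone else cannot be entered, so nothing
    # below it is reachable either: prune it ("chmod 700 manual" case).
    # Of the directories that are left, keep the ones everyone else can read.
    find "$docroot" -type d \( ! -perm -001 -prune -o -perm -004 -print \) |
    LC_ALL=C sort |
    while IFS= read -r dir; do
        # "Another approach": an index.html is served instead of a listing.
        if [ ! -e "$dir/index.html" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Stand-alone use: ./listable.sh /path/to/web/files
if [ "$#" -gt 0 ]; then
    find_listable_dirs "$1"
fi
```

Every path printed is a directory to either chmod or give an index.html; no output means neither fix is missing anywhere under the directory you passed in.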


File permission checker:

I’ve decided to include a little permission checking program. This will show you what permissions you have over a specific file. It will not show you all the permissions. The easiest way to check all of them is with ls -l.

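#!/bin/bash
# check.sh
# Written on: 8/31/02
# Written by: SysOp007
# Usage: ./check.sh file1 [file2 ...]
# Reports the permissions the user running the script has over each file.

# "$@" keeps file names that contain spaces in one piece.
for l in "$@"
do

    # Readable by the user running the script
    if [[ -r $l ]]
    then
        echo "File $l is readable."
    fi

    # Executable, skipping directories (their x slot is not a program flag)
    if [[ -x $l && ! -d $l ]]
    then
        echo "File $l is executable."
    fi

    # Writable by the user running the script
    if [[ -w $l ]]
    then
        echo "File $l is writable."
    fi

    # SUID bit set
    if [[ -u $l ]]
    then
        echo "File $l is a SUID program."
    fi

done

# End!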

Thanks for reading this tutorial. If you have any more questions, email me at HiddenBunkerLabs@yahoo.com.
Enjoy!
-SysOp007

    Source: geocities.com/hiddenbunkerlabs/tutorials
