My scripts (php, python, etc.) and the scripts of other users on my Linux system are executed by the apache user aka “www-data”. Please correct me if I’m wrong, but this might lead to several awkward situations:
- I’m able to read the source code of other users’ scripts by using a script. I might find hardcoded database passwords.
- Files written by scripts and uploads are owned by www-data and might be unreadable or undeleteable by the script owner.
- Users will want their upload-folders to be writeable by www-data. Using a script I can now write into other users upload directories.
- Users frustrated with these permission problems will start to set file and directory permissions to 777 (just take a look at the WordPress Support Forum…).
- One single exploitable script is enough to endanger all the other users. OS file permission security won’t help much to contain the damage.
So how do people nowadays deal with this? What’s a reasonable (architecturally correct?) approach to support several web-frameworks on a shared system without weakening traditional file permission based security? Is using fastCGI still the way to go? How do contemporary interfaces (wsgi) and performance strategies fit in?
Thanks for any hints!
All your point are valid.
Points 1, 3 and 5 are solved by setting the open_basedir directive in your Apache config.
2 and 4 are truly annoying, but files uploaded by an web-application is also (hopefully) removable with the same application.