[Pmwiki-users] file permissions

erik de wild erik.dewild
Sun Aug 10 17:24:58 CDT 2003

This is not a question but more a point of discussion. It's about the 
permissions you should set on the PMwiki files and directories. The 
recommended permission give users the change, when the configuration of 
the apache server allows, to look what files are there and what the 
content is.

I just read the book "Linux Exposed", a book about security and what to 
do about it on a Linux box.  It made me alert.

Giving visitors the possibility to look at the content of files creates 
a security leak because hackers can get very usefull information for 
hacking the site.

Giving group members all the permissions needed to do everything with 
the site is a security leak because a hacker can add his/herself to the 
group and do anything with the site he or she wants.

I think the safest way to run a PMwiki site is to give the user linked 
to the webserver (apache, noboddy, www) full permissions but the group 
or others none.

If you think this is an interesting topic and you agree or disagree with 
me please post a message.

I still have a lot of questions but this is my third mail for the 
evening. If this is to much please let me know in a gentle way.

With friendly regards

Erik de Wild

Tripple-o: open standards, open source, open mind

-------------- next part --------------
Skipped content of type multipart/related

More information about the pmwiki-users mailing list