Dear all, What really disturbs me is that even with the suPHP engine ON, PHP scripts can still read from other users' directories and even from /etc, thus giving the ability to expose usernames and passwords to anyone. To what umask and corresponding chmod should the files and dirs be changed, and what umask should be set in proftpd.conf? Thanks
Username exposure yes, password exposure no. Passwords are crypted and stored in a shadow file, only accessible by root. I strongly advise against changing permissions of directories like /etc, /bin, etc. It will make your system unusable.
You can change the open_basedir restriction in your php.ini to the document root of all websites (normally /var/www), so the directory /etc cannot be accessed.
open_basedir = On doesn't work well with Joomla. And I sell specialized Joomla hosting. Joomla has a file called configuration.php, where all the information is unencrypted. What I found out is that, for some reason, if suPHP is on and umask = 077, then .htaccess files are not read by Apache and nothing works. So what would be a solution to that? I want the files in web directories to be chmod 600, but at the same time Apache can't read the .htaccess. And as you know, hosting users can't be told 'we are the best, but you need to manually change things in order to be our clients'. Thanks
Set the permissions of only .htaccess to 644? The rest according to user/web with 600? Because .ht files cannot be read anyway by Apache due to the configuration (unless you removed the basic restrictions).
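The split scheme suggested in the last reply (.htaccess readable by Apache, everything else owner-only), written out as a POSIX shell script. This is an added example, not code from anyone in the thread or from suPHP/Joomla; it assumes a hypothetical layout in which the site user owns the whole document root, PHP is executed as that user by suPHP, and the Apache user only has to traverse the directories, read .htaccess and serve static files. It goes one step further than the reply: directories are set to 711 rather than 700, because a 700 directory hides its .htaccess from Apache even when the file itself is 644, which is exactly the "nothing works" symptom of umask 077.

```shell
#!/bin/sh
# Added example (not from the thread). Apply owner-only permissions to a
# suPHP-served document root while keeping what Apache itself needs.
# Assumptions (hypothetical setup): the site user owns the tree, PHP
# scripts run as that user via suPHP, Apache runs as a different user.

harden_webroot() {
    root="$1"
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 1; }

    # Directories: owner has full access; Apache (and everyone else) may
    # only traverse, not list. 700 here would stop Apache from reading
    # .htaccess at all, whatever the file's own mode.
    find "$root" -type d -exec chmod 711 {} +

    # Default for files: world-readable, so Apache can serve static
    # assets (css, images) that never pass through suPHP.
    find "$root" -type f -exec chmod 644 {} +

    # PHP scripts are executed as the owner by suPHP, so Apache never has
    # to read them; 600 keeps configuration.php out of other users' reach.
    find "$root" -type f -name '*.php' -exec chmod 600 {} +

    # .htaccess is parsed by Apache itself, so it must stay readable;
    # the stock <FilesMatch "^\.ht"> rule still prevents it being served.
    find "$root" -type f -name '.htaccess' -exec chmod 644 {} +
}

# Octal mode of a path (GNU stat), used to verify the result.
mode_of() {
    stat -c '%a' "$1"
}

# List PHP files still readable by "other": on a shared host these are
# the ones another customer's script could read. Empty output is good.
world_readable_php() {
    find "$1" -type f -name '*.php' -perm -o=r
}

# Usage: sh harden.sh /var/www/example.com
if [ $# -gt 0 ]; then
    harden_webroot "$1"
    world_readable_php "$1"
fi
```

Two caveats for a shared host. First, this only covers files under the document root; the question's real worry, a script reading another customer's configuration.php, is answered by the 600 on *.php only if every customer's tree is owned by a distinct user, which is the point of suPHP. Second, new uploads inherit the uploader's umask, not this script: a umask of 077 (600 files, 700 directories) reproduces the broken .htaccess problem, while 022 gives 644/755 and leaves configuration.php readable until something like this script runs again, so the umask chosen for FTP uploads has to be consistent with whichever scheme you settle on.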