| Author |
Message |
bboran
Joined: 11 Nov 2011
Posts: 22
|
| Posted: Fri Nov 25, 2011 5:30 am Post subject: /tmp directory |
|
|
I am using ubuntu 10.04 lts on my vps. Is it secure to leave /tmp directory without doing any tweaks. What i want to mean because it is set to chmod 777 do i have to harden its security? If yes, how?
Thank you. |
|
| Back to top |
|
obs
Joined: 07 Mar 2010
Posts: 1403
Location: Earth
|
| Posted: Fri Nov 25, 2011 7:01 am Post subject: |
|
|
Leave it as 777 although running Code: chmod +t /tmp is a good idea this adds the sticky bit to the directory which on linux prevents anyone that isn't the owner or root from deleting it (the owner should be root).
This is what your permissions should look like
Code: ls -lhd /tmp
drwxrwxrwt 4 root root 4.0K 2011-11-25 06:55 /tmp
Some people also like to put /tmp in a separate partition, this stops any rogue processes from filling up the drive, you can also set the noexec and nosuid mount options for a little extra protection thought I wouldn't recommend those unless you know what you're doing they can break package managers (especially cpan for perl) |
|
| Back to top |
|
bboran
Joined: 11 Nov 2011
Posts: 22
|
| Posted: Fri Nov 25, 2011 2:58 pm Post subject: |
|
|
obs thanks for the info! one last similar question.i have a wordpress blog. whenever a user uploads and image, i setup it to store them on a subdomain.
blog url is domain.com
subdomain for uploaded media is img.domain.com
subdomain root directory which is /img should be 777 because with 755 upload not possible. so is this secure ?
(i am running nginx web server btw) |
|
| Back to top |
|
obs
Joined: 07 Mar 2010
Posts: 1403
Location: Earth
|
| Posted: Fri Nov 25, 2011 3:01 pm Post subject: |
|
|
| 777 means any user on the server can do anything in that directory, if you only have one wordpress site then it doesn't really matter. |
|
| Back to top |
|
bboran
Joined: 11 Nov 2011
Posts: 22
|
| Posted: Fri Nov 25, 2011 9:19 pm Post subject: |
|
|
| Thanks! :) |
|
| Back to top |
|
| |
