I am on a shared server (DreamHost). My RoR project contains confidential information in the structure of its code, its logs, and of course its mysql database. W are the minimum chmod permissions to set so that the app is still served correctly by Apache, but otherwise grants minimum world access? Most just leave it at "chmod -R 755 rorfolder" but that''s a bit too open for my taste. Do I *have* to have all the code be o+r? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Sai Emrys wrote:> I am on a shared server (DreamHost). My RoR project contains > confidential information in the structure of its code, its logs, and of > course its mysql database. > > W are the minimum chmod permissions to set so that the app is still > served correctly by Apache, but otherwise grants minimum world access? > > Most just leave it at "chmod -R 755 rorfolder" but that''s a bit too > open for my taste. Do I *have* to have all the code be o+r?I''m assuming the user owns the directory so you have to set 701 on the root and public directory so apache can access them as other. I''m assuming the dispatch file is being suexeced so that could be 700. All other directories should be 700 and all other files should be 600. Of course I could be way off base also. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Dec 12, 8:14 pm, Michael Greenly <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> I''m assuming the user owns the directoryUser owns the directory except ~/logs which is owned by root and used for Apache logs.> I''m assuming the dispatch file is being suexeced so that could be 700.Wrong on that count. No su access at all; dispatch is executed as user. - Sai --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Sai Emrys wrote:> On Dec 12, 8:14 pm, Michael Greenly <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> > wrote: >> I''m assuming the user owns the directory > > User owns the directory except ~/logs which is owned by root and used > for Apache logs. > >> I''m assuming the dispatch file is being suexeced so that could be 700. > > Wrong on that count. No su access at all; dispatch is executed as user. > > - SaiApache would normally run dispatch as the user used to run apache. If it''s running dispatch with the user account it must be suexeced -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---