One of our members was poking around and noticed that all user files are world readable by default. Normally that isn’t a problem, but we have one or two users with SSH access, who can now go around, read others’ config files, and use the MySQL client to be naughty.
I’m thinking this can be solved without much side effect. It’s normally not that big of a deal, but it wouldn’t hurt to take care of it anyway. A page in SiteWorx to change the GID on a file to Apache’s group, then remove world writable permissions would do the trick. This way users can select their configuration files and protect them at will.
Of course, other in-Apache scripts would be able to open the files in others’ directories, but we can fix that elsewhere by using safe mode or other open restrictions.
The user could change the permissions, but not the owner. If the user wanted to change it so the world couldn’t read their file, they would have to remove world read permissions, in which case the web server also couldn’t read the file, so that’s a bust.
But, if the file owner is changed to the web server, group permissions left as writable, and world permissions removed, the user could still edit and delete the file, and Apache could still read it.
That still wouldn’t prevent other users from opening other users’ files through PHP, but that can be snuffed out with safe mode and open basedir.
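An added example, not part of the original posts and not SiteWorx code: a sketch of the group-based variant discussed above, which finds files that grant any permission to "other", then hands a chosen file to the web server's group and strips the world bits while leaving the owner alone. The function names are hypothetical, `web_gid` is assumed to be the web server's group id, and the caller is assumed to have the privilege to assign that group (root, or a member of it).

```python
import os
import stat
import tempfile


def find_world_accessible(root):
    """Return sorted (path, mode) pairs for regular files under root that
    grant any permission bit to 'other'."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IRWXO:
                hits.append((path, stat.S_IMODE(st.st_mode)))
    return sorted(hits)


def protect_file(path, web_gid):
    """Give the file to the web server's group and remove all 'other' bits.

    The owner is unchanged, so the user can still edit and delete the file.
    The group gets read only. Returns the new permission bits.
    """
    # O_NOFOLLOW plus fd-based calls: a symlink planted at this path cannot
    # redirect the chown/chmod to a different file.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("not a regular file: " + path)
        os.fchown(fd, -1, web_gid)  # -1 keeps the current owner
        new_mode = (stat.S_IMODE(st.st_mode) & stat.S_IRWXU) | stat.S_IRGRP
        os.fchmod(fd, new_mode)
        return new_mode
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed demo: a throwaway directory and the caller's own group
    # stand in for a user's home directory and the web server's group.
    with tempfile.TemporaryDirectory() as home:
        cfg = os.path.join(home, "config.php")
        with open(cfg, "w") as fh:
            fh.write("<?php $db_pass = 'example'; ?>\n")
        os.chmod(cfg, 0o644)
        print("before:", [(p, oct(m)) for p, m in find_world_accessible(home)])
        print("new mode:", oct(protect_file(cfg, os.getgid())))
        print("after:", find_world_accessible(home))
```

This only closes the shell-access path; reads made through the web server itself still need the PHP-side restrictions mentioned in the thread.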