  1. #1
    Join Date
    Jan 2002

    Enough is enough!!

    Having the /tmp directory open to everyone is really a very bad idea! Any user can simply upload PHP/CGI shells to his/her account and start running illegal programs in /tmp.

    How can I prevent users on my server from using shell scripts and executing programs on /tmp?

    (I'm already using cgi/PHP Suexec)

  2. #2
    That's the nature of how the system works. If you prevent it from writing to /tmp, you are likely to break a lot of programs.

    You can try enabling noexec, nosuid on /tmp. That will deter some of it.

    If you want to prevent php shells, you can enable safe mode as well as lock the scripts within the home with open_basedir.

    You can also chmod 700 your compiler programs. This should prevent them from running the compiler even if they circumvent the above.

    If you put in enough roadblocks, chances are you will be left alone since there are lower-hanging fruits for the hackers.

  3. #3
    Join Date
    Jan 2002
    I've heard that enabling noexec & nosuid on /tmp would affect MySQL. Is this correct?

    Lots of legal PHP scripts can't run with safe mode. I think cPanel should scan uploaded scripts for possible shells and send weekly reports to root as it does with spam.

    Would cPanel auto-update if the compiler mode is changed to 700?

  4. #4
    Join Date
    Mar 2003
    California USA
    noexec & nosuid will not break MySQL.
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.
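
An added example, not part of any post in this thread: a shell audit of the two roadblocks discussed above, the noexec/nosuid mount options on /tmp and the chmod 700 restriction on compilers. The function names and the compiler paths are assumptions, and it reads /proc/mounts, so it applies to Linux.

```shell
#!/bin/sh
# Added example: audit the /tmp hardening discussed in the thread.
# Function names are hypothetical; compiler paths below are assumed.

# Print the options of mount point $2 from mounts file $1
# (fields: device mountpoint fstype options dump pass).
# The last matching line wins, because later mounts shadow earlier ones.
mount_opts() {
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Print which of noexec/nosuid are missing on mount point $2.
# Returns 0 if both are set, 1 if something is missing, and 2 if the
# path has no mount entry of its own (it then inherits the parent's
# options and needs its own partition or bind mount first).
missing_opts() {
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then
        echo "not-a-separate-mount"
        return 2
    fi
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Print each given file that "other" users may still execute,
# i.e. one that has not been restricted with chmod 700.
# -L checks the target of a symlink rather than the link itself.
world_executable() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        find -L "$f" -maxdepth 0 -perm -001 -print
    done
}

# Run with --live to report on the current system.
if [ "${1:-}" = "--live" ]; then
    res=$(missing_opts /proc/mounts /tmp) && res="ok"
    echo "/tmp: $res"
    world_executable /usr/bin/gcc /usr/bin/cc /usr/bin/g++
fi
```

A mount option reported as missing can be added in the /tmp entry of /etc/fstab and applied with a remount; any compiler path printed is still executable by ordinary users.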
