Christian Lauf wrote:
> But could somebody tell me how wise this is?
>
> The symbolic link has the following privileges.
> server:~# ls -lach /usr/sbin/httpd
> lrwxrwxrwx 1 root root 7 2010-01-31 15:36 /usr/sbin/httpd -> apache2
>   

This is OK, perms are being checked on the target.
Btw, have you realised that apache2 is a symlink as well? ;)

bianca:~# ll /usr/sbin/apache2
lrwxrwxrwx 1 root root 34 2010-01-15 21:41 /usr/sbin/apache2 -> ../lib/apache2/mpm-prefork/apache2
bianca:~# ll /usr/lib/apache2/mpm-prefork/apache2
-rwxr-xr-x 1 root root 435616 2010-01-02 23:13 /usr/lib/apache2/mpm-prefork/apache2
bianca:~#

A small test:

I have created a file with 600 permissions
bianca:/tmp# touch test
bianca:/tmp# echo test > test
bianca:/tmp# chmod 600 test
bianca:/tmp# ll test
-rw------- 1 root root 5 2010-01-31 16:20 test
bianca:/tmp#

I have created a symlink, which always has full perms (Linux only; it
might be different on UNIX systems)

bianca:/tmp# ln -s test symlink-test
bianca:/tmp# ll symlink-test
lrwxrwxrwx 1 root root 4 2010-01-31 16:20 symlink-test -> test
bianca:/tmp#

And now access the file as a standard user:

bianca:/tmp# su - nobody -c "ls -la /tmp/symlink-test; cat /tmp/symlink-test"
No directory, logging in with HOME=/
lrwxrwxrwx 1 root root 4 2010-01-31 16:20 /tmp/symlink-test -> test
cat: /tmp/symlink-test: Permission denied
bianca:/tmp#

> Thanks,
> Christian
>   

Hope that helps ;)

Regards
Rado
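
The behaviour shown in the test above, turned into a reusable check; this is an added example, not part of the original mail or of rkhunter. It walks a link chain such as httpd -> apache2 -> ../lib/apache2/mpm-prefork/apache2 hop by hop and reports the mode of the final target, which is the one access checks use. The function names and the temporary demo tree are constructed for illustration, and GNU stat(1) and readlink(1) are assumed.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumes GNU stat(1)/readlink(1).

# chain PATH: print "<mode> <owner> <path>" for every hop, final target last.
chain() {
    p=$1 hops=0
    while [ -L "$p" ]; do
        echo "$(stat -c '%A %U' "$p") $p"
        t=$(readlink "$p")
        case $t in
            /*) p=$t ;;                    # absolute link target
            *)  p=$(dirname "$p")/$t ;;    # relative to the link's own directory
        esac
        hops=$((hops + 1))
        if [ "$hops" -gt 40 ]; then echo "symlink loop: $1" >&2; return 1; fi
    done
    if [ ! -e "$p" ]; then echo "dangling: $p" >&2; return 2; fi
    echo "$(stat -c '%A %U' "$p") $p"
}

# effective_mode PATH: octal mode of the final target, the one access checks use.
effective_mode() { stat -L -c '%a' "$1"; }

# loose_target PATH: succeeds if the final target is group- or world-writable.
loose_target() {
    m=$(effective_mode "$1") || return 2
    [ $(( 0$m & 022 )) -ne 0 ]
}

# Constructed demo tree mirroring the chain in the mail (httpd -> apache2 -> binary).
demo=$(mktemp -d)
mkdir -p "$demo/sbin" "$demo/lib/apache2/mpm-prefork"
printf '#!/bin/sh\n' > "$demo/lib/apache2/mpm-prefork/apache2"
chmod 755 "$demo/lib/apache2/mpm-prefork/apache2"
ln -s ../lib/apache2/mpm-prefork/apache2 "$demo/sbin/apache2"
ln -s apache2 "$demo/sbin/httpd"

chain "$demo/sbin/httpd"
if loose_target "$demo/sbin/httpd"; then echo "WARN: target writable by group/other"
else echo "OK: target mode $(effective_mode "$demo/sbin/httpd")"; fi
```

The lrwxrwxrwx on each link line is informational only; a finding worth acting on is a loose mode on the last line, or on a directory that holds one of the links, since write access there allows the link to be replaced.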

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
