chmod 777

OnGeboren

Joined: 2002-08-21
Posts: 7
Posted: Sun, 2002-12-22 11:36

What's the use of setting users not being able to view a given album, when they (the users) will just need to go to the albums directory to bworse the files ?

wtf ? chmod 777 is the worst method to enable gallery to access the files. If you set this, you certainly MUST use the server autentications, the apache gives for instance. Otherwise, it's work setting permissions just for nothing.

FOLLOW UP AT Gallery 1.x (1.2, 1.3, etc etc) FORUM !!!

<!-- BBCode Start --><A HREF="http://gallery.menalto.com/modules.php?op=modload&amp;name=phpBB_14&amp;file=index&amp;action=viewtopic&amp;topic=2539&amp;0" TARGET="_blank">click here to go to the right forum</A><!-- BBCode End -->

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Sun, 2002-12-22 12:08

Hi there. Your point is quite valid. But let me play devil's advocate.

A growing percentage of Gallery users are completely new to Unix, new to permissions, and often don't even have shell access, and certainly not chown priveliges on their webservers. While we could have PHP generate the albums directory to be owned by the Apache webuser, it would require more fidgeting with permissions, and then people would complain about not being able to delete it. Sure, making all your valuable photos vulnerable to mass erasure isn't ideal, especially with a lot of webservers running multiple virtual sites all under the same Apache user, but most people are happy just to have Gallery functioning, given their restricted access to their web servers.

That said, you can change your album ownership to the webuser. If you need a script, I have a PHP script which will copy the files over giving the webuser total ownership of the files and directory. You can then restrict albums/ and the files inside to 700. Furthermore, you can put requestor restrictions in the .htaccess file in there to limit requests only to Gallery pages (or hackers masquerading as Gallery pages if they change the headers...) to keep people from snooping around. This is more than enough protection for most people.

Anyhow, Gallery 2 will go even further and alleviate much of this by firewalling the albums directory... which will no longer need to be stored inside the web space, instead having the images tunnelled through PHP to the browser... so they'll only be viewable through the script.

Also, remember that Gallery permissions are not the same as Unix permissions. Even with an 0777 albums directory, nobody browsing in will have write access to the images, only local users logged into that server, and if you put the requestor restrictions in your .htaccess, the only way to gain any access to the images at all is via your Gallery. If you have truly sensitive images, then I trust you'll be doing this. But most people are content with the permissions system Gallery uses. Since the URLs don't point to the albums directory anyhow, very few people would even think to look in there.

So... if you need to make your albums directory more secure, there are plenty of ways to do it. If you're on a shared webserver with a shared Apache user, then you're running a risk of another user being malicious, but that's unavoidable without separate users for each virtual domain.

If you need help getting your site hermetically sealed, just ask, and I'll be happy to point you to some other threads in this forum that'll help you out.

-Beckett (

)

 
OnGeboren

Joined: 2002-08-21
Posts: 7
Posted: Sun, 2002-12-22 13:09

Hi,

Thanks for the fast reply.

So, the problem I went over is that I have the gallery in http://hostname/gallery/ and the albums in http://hostname/albums/ .If you point your browser to the second url you will be able to VIEW all the pictures from ANY album. This is the problem :smile:

I needed to create some albums and let my family members add and view protos there, but not to have all those photos publically accessible. Once I have made the necessary gallery permissions/users etc., I realized it is enough to surf to http://hostname/albums/ to override the gallery interface and view what might actually be private photos. :smile:

Changing the ownership to nobody:nogroup (in my case, as I am the server admin/owner and this is the user apache runs as) doesn't change much things to prohibit access to private albums.
Probably I can put some basic apache authentication via .htpasswd/.htaccess just for the directory(ies) in question and I should be prompted for password when I try to see some pictures from there. :smile: However I think I would do this if nothing else is left to be done/tried.

So... I would appreciate some more ideas on how to deal with this problem.

As an idea from my part I would only suggest gallery to take some moves to implement the basic apache authentication in such a way to integrate it into the gallery so that it remains hidden behind the user interface. I think it could be done in such a way that nobody would even be aware of it's presence. This basic apache authentication should be made at the moment, when somobody decides to make an album available to non-EVERYBODY users. You mentioned some things about gallery 2. Well... I would try to make some code modification in order to try to implement my idea, but I would need to get into the guidelines developers have on this matter. (not to make something useless :smile:

Cheers!

Quote:
Hi there. Your point is quite valid. But let me play devil's advocate.

A growing percentage of Gallery users are completely new to Unix, new to permissions, and often don't even have shell access, and certainly not chown priveliges on their webservers. While we could have PHP generate the albums directory to be owned by the Apache webuser, it would require more fidgeting with permissions, and then people would complain about not being able to delete it. Sure, making all your valuable photos vulnerable to mass erasure isn't ideal, especially with a lot of webservers running multiple virtual sites all under the same Apache user, but most people are happy just to have Gallery functioning, given their restricted access to their web servers.

That said, you can change your album ownership to the webuser. If you need a script, I have a PHP script which will copy the files over giving the webuser total ownership of the files and directory. You can then restrict albums/ and the files inside to 700. Furthermore, you can put requestor restrictions in the .htaccess file in there to limit requests only to Gallery pages (or hackers masquerading as Gallery pages if they change the headers...) to keep people from snooping around. This is more than enough protection for most people.

Anyhow, Gallery 2 will go even further and alleviate much of this by firewalling the albums directory... which will no longer need to be stored inside the web space, instead having the images tunnelled through PHP to the browser... so they'll only be viewable through the script.

Also, remember that Gallery permissions are not the same as Unix permissions. Even with an 0777 albums directory, nobody browsing in will have write access to the images, only local users logged into that server, and if you put the requestor restrictions in your .htaccess, the only way to gain any access to the images at all is via your Gallery. If you have truly sensitive images, then I trust you'll be doing this. But most people are content with the permissions system Gallery uses. Since the URLs don't point to the albums directory anyhow, very few people would even think to look in there.

So... if you need to make your albums directory more secure, there are plenty of ways to do it. If you're on a shared webserver with a shared Apache user, then you're running a risk of another user being malicious, but that's unavoidable without separate users for each virtual domain.

If you need help getting your site hermetically sealed, just ask, and I'll be happy to point you to some other threads in this forum that'll help you out.

-Beckett (

)

 
alindeman
alindeman's picture

Joined: 2002-10-06
Posts: 8194
Posted: Mon, 2002-12-23 18:18

If you put in a .htaccess file in the albums directory

Options -Indexes

You won't be able to browse the album directory per se. However, if someone knows the exact album name, they can still browse photos regardless of Gallery permissions. G2 will fix this problem.

 
OnGeboren

Joined: 2002-08-21
Posts: 7
Posted: Tue, 2002-12-24 12:44

Option -Indexes

This is really a must for the albums directory if non-public albums are present.

I suppose it is enough as it is to prevent unwanted listings.

Thanks a lot.

 
vallimar

Joined: 2002-08-15
Posts: 487
Posted: Sat, 2002-12-28 02:54

You can also use mod_rewrite to generate forced fail's for any referrer not
coming from a valid Gallery page. There is a thread about how to do this
in one of the other Forums and I believe in the Securing section of the User Guide.

I suggest you take a look and use this additional method. To assure yourself
from people being able to idly thumb through your albums directory.