CentOS 5.6:.htaccess 上传后的 Apache 访问权限
我正在远程处理我的家庭服务器,并且想要对我的 .htaccess 进行一些更改。我无法使用我的 FTP(filezilla) 查看此文件,并认为那里没有。我决定将计算机中的一个文件上传到 public_html 中的服务器,尽管每个 FZ 上传成功,但该文件没有在任何地方列出,即使我物理访问服务器时也是如此。
看来是被隐藏了。主要问题是,在此之后,现在我收到以下错误消息,并且无法访问我的测试站点:
You don't have permission to access / on this server.
如果我访问我的服务器并禁用 SELINUX 或将其设置为允许,我的页面将开始正常工作。如果我强制执行,我的网页将变得不可用,并且我会看到上面列出的错误。
问题:
- 首先,如何使这个.htaccess在CentOS 5.6系统中可见?
- 强制和允许有什么区别?
- 如果我将服务器设置保留为“允许”,是否会遇到安全风险?
谢谢大家,
I was working on my home server remotely and wanted to make some changes to my .htaccess. I could not see this files using my FTP(filezilla) and thought there was none there. I decided to upload one I had in my computer to my server in public_html and although the upload was successful per FZ, this file is not listed anywhere, even when I physically access the server.
It looks like it is being hidden. The main problem is that after this, now I get the following error message and cannot access my test site:
You don't have permission to access / on this server.
If I access my server and DISABLE SELINUX or make it PERMISSIVE, my pages start working as normal. If I make it ENFORCING my webpage becomes unavailable and I see the error listed above.
Questions:
- First of all, how can I make this .htaccess visible in a CentOS 5.6 system?
- What is the difference between ENFORCING and PERMISSIVE?
- Will I run into Security Risks if I leave my server setup as PERMISSIVE?
Thank you all,
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
呵呵。 4 个月内没有人回答这个问题,因为很难找到直接且明确的答案。具体(根据指南)并且不会开始讨论。但我会尝试一下。
FileZilla可以显示隐藏文件,不同版本方法不同。尝试使用“视图”或“服务器”菜单,或者在内置帮助中查找“隐藏”。
ENFORCING 表示 selinux 正在运行并阻止违反其活动策略的操作。 PERMISSIVE 表示 selinux 正在运行并记录(但不阻止)违反其活动策略的操作。
是的。具体来说,在 ENFORCING 模式下,敌对实体必须上传包含恶意代码的文件并设置该文件的 selinux 上下文才能运行该文件。在 PERMISSIVE 模式下,他们只需要上传文件即可。这是对您的经历最可能的解释:您上传了新的 .htaccess 文件,但没有设置其 selinux 上下文。
Heh. No one has answered this in 4 months because it's hard to find an answer that is direct & specific (per the guidelines) and won't start a discussion. But I'll give it a try.
FileZilla can show hidden files, the method is different for different versions. Try the View or Server menu, or look for "hidden" in the built-in help.
ENFORCING means that selinux is running and prevents actions that violate its active policies. PERMISSIVE means that selinux is running and logs (but does not prevent) actions that violate its active policies.
Yes. Specifically, in ENFORCING mode, a hostile entity would have to both upload a file with malicious code and set the selinux context for the file in order to run it. In PERMISSIVE mode, they just need to upload the file. This is the most likely explanation for your experience: you uploaded a new .htaccess file, but did not set its selinux context.