Koozali.org: home of the SME Server

Hide some ibays from network

cool34000
« on: December 25, 2006, 07:14:41 PM »
Is there a way to hide an ibay from the local network shares?

I'm asking this strange question because some of my ibays are PHP websites and most of them don't encrypt the MySQL DB user and password in their config.php file. Anyone authenticated on the LAN can see those files simply by browsing the 'html' folder of those ibays, and of course I want to prevent it!!!

Thanks in advance for your replies.

pfloor
« Reply #1 on: December 25, 2006, 09:19:43 PM »
Change the group for the ibay to admin.

It will still show in the network shares but only admin will have access to the html directory.
In life, you must either "Push, Pull or Get out of the way!"

cool34000
« Reply #2 on: December 25, 2006, 09:59:52 PM »
I've modified all my ibays to fit your advice, Paul, and I also had to change the read group (now set to read=group write=group).
Thank you!

Now I have another question:
Like many people here, I have followed a lot of how-tos, which often ask to create an ibay with owner group everyone (egroupware) or to give everyone read permission on the ibay. Is this bad, or is it needed by those special CMSs?

pfloor
« Reply #3 on: December 25, 2006, 10:25:18 PM »
Putting script applications like a CMS directly into an ibay is not recommended by the developers.  MOST how-to's seem to ignore that warning.

The proper way is to put the applications in the /opt/CMSapplicationX directory and create a custom-template to re-direct the web traffic there.

The only user (as far as I have ever needed anyway) that needs read/write access to the "CMS" files is apache (www).  I always chmod -R www:www those files and then restrict the access to the files in the manager panel.  I also chmod all the files to the minimum access that will still allow the app to work (usually 600 but never higher than 644).

This is all my personal experience and the developers will most likely cringe if/when they read this.

USE ANY/ALL OF THIS INFORMATION AT YOUR OWN RISK.  RUNNING WEB APPS FROM WITHIN AN IBAY IS CONSIDERED TO BE A SECURITY RISK!!!
In life, you must either "Push, Pull or Get out of the way!"

cool34000
« Reply #4 on: December 26, 2006, 04:52:36 AM »
I have managed to move all my CMSs to /opt/CMSx, thanks for this!
That was a lot of work but I feel more secure now :oops:

I guess everyone should read this post before giving a CMS install how-to!

CharlieBrady
« Reply #5 on: December 26, 2006, 05:52:49 PM »
Quote from: "pfloor"

The only user (as far as I have ever needed anyway) that needs read/write access to the "CMS" files is apache (www).


In fact the application will need read/write access to very few files or directories. Most application files and directories can be owned root.root or root.www without group write permission.

cool34000
« Reply #6 on: December 29, 2006, 04:39:40 AM »
OK, so setting permissions back to root.root...
CHMOD 0644 seems to be the most used parameter when I look at other contribs installed in /opt. The big job now is to test each CMS to find out whether there are modifications to make so that details/options work correctly!
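
An added example, not part of the thread and not SME Server code: a read-only shell audit of an application tree against the permission advice in replies #3 and #5. The path /opt/CMSapplicationX is the placeholder used in reply #3; the function names and the `config*.php` filename pattern are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a web application directory against the advice above.
# Usage (hypothetical path): sh audit.sh /opt/CMSapplicationX www
# "www" is the Apache account named in the thread; a numeric uid also works.

# Regular files with any permission bit outside 0644
# (execute bits, group write, other write).
files_above_0644() {
    find "$1" -type f \( -perm -0100 -o -perm -0020 -o -perm -0010 \
        -o -perm -0002 -o -perm -0001 \) -print | sort
}

# config*.php files readable by "other": any local account can read the
# database user and password stored in them.
world_readable_configs() {
    find "$1" -type f -name 'config*.php' -perm -0004 -print | sort
}

# Directories writable by group or other.
writable_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) -print | sort
}

# Everything owned by the web server account, i.e. what the application
# itself can rewrite. Reply #5 says this should be very few paths.
owned_by_web_user() {
    find "$1" -user "$2" -print | sort
}

# Print a labelled report; return 1 if any check listed something.
audit_tree() {
    dir=$1 web_user=${2:-www} status=0
    for check in files_above_0644 world_readable_configs writable_dirs; do
        out=$($check "$dir")
        [ -n "$out" ] && { status=1; printf '%s:\n%s\n' "$check" "$out"; }
    done
    out=$(owned_by_web_user "$dir" "$web_user")
    [ -n "$out" ] && { status=1; printf 'owned by %s:\n%s\n' "$web_user" "$out"; }
    return $status
}

# Run only when a directory is given on the command line.
if [ $# -ge 1 ]; then audit_tree "$@"; fi
```

The script changes nothing; paths listed under "owned by" are expected for the few upload or cache directories an application writes to, and are worth reviewing one by one.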