Security problem - information disclosure
I would like to ensure that no other users on the server can copy files from one's home directory to theirs and view the contents, via a simple shell script and cron job, which is all possible with cPanel, for example. The permissions used to do this are the WORLD permissions. It is not as simple as just setting the file to, say, 660, as Apache is also accessing these files to serve to the web using the world permission.
A simple PHP script can echo the contents of another PHP file from another user's account... now, I'm worried about this a lot! People may have some sensitive information in their files... disclosure can lead to major trouble!
Any suggestions?
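
An audit for the exposure described in the post above, as an added example that is not part of the original post: it lists the files under a directory that other local accounts can reach through the world permission bits alone. The function names and the sample tree are constructed for illustration, and directories above the start point are assumed to be world-searchable.

```shell
#!/bin/sh
# Added example: list files that other local accounts can read via the
# "other" (world) permission bits.
# A file is exposed only if it has the world-read bit (o+r) AND every
# directory between the start point and the file has world-search (o+x).

world_exposed_files() {
    # $1 = directory to audit (for example an account's home directory).
    # Directories without o+x are pruned: nothing below them is reachable
    # through world permissions, whatever the modes of the files inside.
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print | sort
}

make_sample_tree() {
    # Constructed sample layout, not taken from any real server.
    t=$(mktemp -d) || return 1
    mkdir "$t/public_html" "$t/private"
    echo '<?php $db_pass = "example"; ?>' > "$t/public_html/config.php"
    echo 'hello' > "$t/public_html/index.php"
    echo 'notes' > "$t/private/notes.txt"
    chmod 755 "$t" "$t/public_html"
    chmod 750 "$t/private"                  # closed directory shields its files
    chmod 644 "$t/public_html/index.php" "$t/private/notes.txt"
    # No world-read bit: hidden from other users, but also from a web
    # server that relies on the world permission, as the post points out.
    chmod 640 "$t/public_html/config.php"
    echo "$t"
}

# Demo run on the constructed tree: only public_html/index.php is listed.
tree=$(make_sample_tree)
world_exposed_files "$tree"
rm -rf "$tree"
```

Run against a real home directory from the account that owns it (or as root), so that `find` can descend into every directory it needs to inspect.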