The World Wide Web at CSLab: Security Considerations

This document describes security considerations that should be taken into account when publishing information on the World Wide Web at CSLab.

File Permissions

The web server runs as a specific, unprivileged user, <www-data>, which is a member of the group <www-data>.

Because you have no control over what program other users on the system cause the web server to run, you need to make sure that the user and group <www-data> do not have permission to do any damage to your data. Otherwise, a security hole in another user's program could make it possible for a vandal to deface your web pages.

For most purposes, it's appropriate for your web pages to be world-readable (since the web server needs the ability to read the pages in order to serve them), but not world-writable. Use ls -l to see the permissions on your files, and use the chmod command to set those permissions. The command chmod 644 filename.html will make your file world-readable, but writable only by you.

Any directories you create in your public_html area should also be writable only by you. Otherwise, a vandal could delete your pages, hijack them, or even create new pages that look like they were published by you, which can cause considerable embarrassment. The command chmod 711 directory will set up the permissions on your directory so that only you may create or delete files in the directory, or list its contents (the web server can still serve a file in the directory when it is requested by name, but it cannot generate a listing of the directory).

Likewise, you should make sure that any files or directories you create in your FTP area (/cs/ftp/pub/username/) are writable only by you.

Remember that the purpose of your public_html and /cs/ftp/pub/username/ directories is the publication of documents on the World Wide Web. Files placed there can be retrieved, even if you don't publish the URL for them. Don't put any files in or under your public_html directory or your /cs/ftp/pub/username/ directory unless it's your intention to explicitly publish them to the Internet at large.

You should also avoid using symbolic links under your public_html directory, since they can be used to circumvent restrictions in the web server configuration.

If you maintain web pages in a project directory under /cs/htdocs/, the comments above about public_html directories apply to all of /cs/htdocs/.

Data read by CGI programs

If you have dynamic content on your web pages through the use of CGI programs or similar mechanisms, it's not uncommon for those programs to read their data from files in the course of generating web pages.

Remember that any file in your public_html area (or under /cs/htdocs/) can be fetched by the web server via its corresponding URL. For this reason, you should make sure that any data files your CGI program needs are not located in your public_html directory. Such files should be elsewhere under /cs/htuser/username/. (In the case of pages located in /cs/htdocs/, these files should be located in a corresponding directory beneath /cs/htdata/; if such a directory doesn't exist, ask your POC to create one for you.)

Data written by CGI programs

The warnings in the previous section about files read by CGI programs apply equally well to any files you intend your CGI programs to write to. However, there are additional issues you should consider.

Remember that the CGIs of all users run as <www-data>, with exactly the same privileges. This means that other users' CGIs can read or modify the same files as your CGIs. You shouldn't assume, for example, that your data is safe just because your CGI is written in such a way that it won't destroy or overwrite the data in the file it writes to; another user's CGI could bypass any checks in your program. In fact, it's not even necessary for another CSLab user to destroy your data intentionally: CGIs are difficult to write securely, and a bug in someone else's CGI program could open the door to vandals.

Your .htaccess files

The Apache web server can be configured on a per-directory basis by creating a file named .htaccess in or under your public_html directory. There are many reasons why you might want to do this:

A .htaccess file affects the directory in which it appears, and all directories below it. (If a subdirectory also contains a .htaccess file, the effects are cumulative: the parent's directives still apply, and where the two conflict, the subdirectory's file takes precedence.)

The .htaccess file is a very powerful mechanism. It is essential that these files not be world-writable, nor writable by <www-data> (remember that a bug in any user's CGI can be used to write files as that user): anyone who can modify or create .htaccess files under your public_html directory effectively has complete control over the web pages they apply to. Since a writable directory is enough to create a new .htaccess file, the rule above that directories be writable only by you applies here with particular force.
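The checks described in this document (world- and group-writable files and directories, files the server cannot read, symbolic links, and writable .htaccess files) are easy to automate. The script below is an added example, not a CSLab tool: audit_webdir reports each violation, fix_webdir applies the recommended chmod 644 / chmod 711 settings (keeping the execute bit on CGI programs), and make_sample_tree builds a deliberately sloppy public_html in a temporary directory, constructed here purely for demonstration. Nothing in it depends on CSLab paths; point it at your own public_html, /cs/ftp/pub/username/ or /cs/htdocs/ project directory instead.

```shell
#!/bin/sh
# Permission audit for a web publishing directory. Added example, not CSLab's
# own tooling; the sample tree is constructed below for demonstration only.

# audit_webdir DIR
# Print one finding per line for each rule in this document:
#   writable-dir     directory writable by group or others (should be 711)
#   writable-file    file writable by group or others (644, or 755 for CGIs)
#   unreadable-file  file the server, running as www-data, cannot read
#   symlink          symbolic link, which can bypass server restrictions
# A writable .htaccess is caught by writable-file like any other file; a
# writable directory (which lets anyone create a .htaccess) by writable-dir.
audit_webdir() {
    find "$1" -type d -perm /022 | sed 's/^/writable-dir: /'
    find "$1" -type f -perm /022 | sed 's/^/writable-file: /'
    find "$1" -type f ! -perm -004 | sed 's/^/unreadable-file: /'
    find "$1" -type l | sed 's/^/symlink: /'
}

# audit_count DIR : number of findings; 0 means the tree is clean
audit_count() {
    audit_webdir "$1" | wc -l | tr -d ' '
}

# fix_webdir DIR
# Apply the recommended permissions: 711 on directories, 644 on ordinary
# files, 755 on anything already executable (CGI programs keep their x bit).
# Symbolic links are left alone: check what they point to and remove them by hand.
fix_webdir() {
    find "$1" -type d -exec chmod 711 {} +
    find "$1" -type f -perm /111 -exec chmod 755 {} +
    find "$1" -type f ! -perm /111 -exec chmod 644 {} +
}

# make_sample_tree BASE : build a sloppy public_html under BASE (constructed
# sample data) and print its path.
make_sample_tree() {
    base=$1/public_html
    mkdir -p "$base/notes" "$base/cgi-bin"
    echo '<h1>hello</h1>' > "$base/index.html"
    echo '<h1>defaceable</h1>' > "$base/bad.html"
    echo 'Options -Indexes' > "$base/.htaccess"
    echo 'draft, not meant to be published' > "$base/notes/private.txt"
    printf '#!/bin/sh\necho Content-type: text/plain\necho\necho ok\n' \
        > "$base/cgi-bin/hello.cgi"
    ln -s /etc "$base/etc-link"            # symlink out of the publishing tree
    chmod 711 "$base" "$base/cgi-bin"
    chmod 777 "$base/notes"                # anyone can create or delete pages here
    chmod 644 "$base/index.html"
    chmod 666 "$base/bad.html"             # world-writable page
    chmod 664 "$base/.htaccess"            # group-writable: control of the directory
    chmod 600 "$base/notes/private.txt"    # server cannot read it (and it should
                                           # not be under public_html at all)
    chmod 755 "$base/cgi-bin/hello.cgi"
    echo "$base"
}

# Demonstration: audit the sample tree, fix it, audit again.
demo_root=$(mktemp -d)
site=$(make_sample_tree "$demo_root")
echo "before fix: $(audit_count "$site") finding(s)"
audit_webdir "$site"
fix_webdir "$site"
echo "after fix: $(audit_count "$site") finding(s)"
audit_webdir "$site"
rm -rf "$demo_root"
```

Before the fix the sample tree produces five findings (the 777 directory, the world-writable page, the group-writable .htaccess, the unreadable file and the symbolic link); after fix_webdir only the symbolic link remains, because deciding whether a link is legitimate is not something a script should do for you. Note that fix_webdir makes every remaining file world-readable, so run the audit first and move anything that should not be published out of the tree before fixing.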