1 (edited by Admininho 2009-09-24 08:20)

Topic: Securing PunBB

I am installing PunBB and I'd like it to be as secure as possible. I've done some security configuration on Apache following some howtos, and now I am mostly concerned with securing PunBB itself. I am a web-server newbie but have used Linux for a long time.

* When it comes to the database, is it possible to avoid using root as the user? Would it make any difference? If so, what are the minimum privileges required by the database user with regards to PunBB?

* What file permissions should I use for the PunBB files?
I got the warning that cache should be writable (chmod 777), but would it be more secure if the files all belong to www-user and are only user writable?
Can I make the extension folder read-only after I'm done installing extensions?

* Are there any more directories that need to be writeable?

* Is there any gain in creating another user in the same group as www-user and let him be the owner of the files so that www-user has no chance of changing permissions on files?

* Are there any other steps I could take to make PunBB more secure?

Regards
A paranoid newbie admin :)

Re: Securing PunBB

Admininho wrote:

what are the minimum privileges required by the database user with regards to PunBB?

I think the following will be enough for PunBB:

* Select
* Insert
* Update
* Delete
* Create
* Drop
* Alter
* Create tmp tables

Admininho wrote:

I got the warning that cache should be writable (chmod 777), but would it be more secure if the files all belong to www-user and are only user writable?

It would. But one may not change file owners on most shared hosting. You can change them if you want :)

Admininho wrote:

Can I make the extension folder read-only after I'm done installing extensions?

Sure.

Admininho wrote:

Are there any more directories that need to be writeable?

/img/avatars

Admininho wrote:

Is there any gain in creating another user in the same group as www-user and let him be the owner of the files so that www-user has no chance of changing permissions on files?

Maybe yes.

Make your changes step by step and verify if the forum works fine after each change.
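
The permission model discussed in this thread can be checked after each change with a small audit script. This is an added example, not part of the original posts or of PunBB itself. It assumes a separate deploy user owns the files and the web server reaches them through the group; the function names and output labels are hypothetical.

```shell
#!/bin/sh
# Assumed model: a separate deploy user owns the files and the web server
# reaches them through the group, so "writable by the server" = group-writable.

# audit_punbb_perms ROOT: print one line per finding; return 1 if any.
audit_punbb_perms() {
    root=${1%/}
    # World-writable entries anywhere: what chmod 777 leaves behind.
    world=$(find "$root" ! -type l -perm -0002 -print |
        sed 's/^/WORLD-WRITABLE: /')
    # Group-writable entries outside cache/ and img/avatars/, the only
    # directories the thread says need write access.
    group=$(find "$root" \( -path "$root/cache" -o -path "$root/img/avatars" \) \
        -prune -o ! -type l -perm -0020 ! -perm -0002 -print |
        sed 's/^/SERVER-WRITABLE: /')
    [ -z "$world$group" ] && return 0
    [ -z "$world" ] || printf '%s\n' "$world"
    [ -z "$group" ] || printf '%s\n' "$group"
    return 1
}

# Constructed sample tree: the intended layout plus two deliberate mistakes.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/cache" "$t/img/avatars" "$t/extensions" "$t/include"
    : > "$t/config.php"
    : > "$t/extensions/ext.php"
    chmod -R u=rwX,g=rX,o= "$t"            # baseline: server may only read
    chmod g+w "$t/cache" "$t/img/avatars"  # the two writable directories
    chmod 777 "$t/include"                 # mistake: world-writable
    chmod g+w "$t/extensions"              # mistake: left writable after install
    printf '%s\n' "$t"
}

# Stand-alone use: sh audit.sh /path/to/punbb
if [ "$#" -gt 0 ]; then
    audit_punbb_perms "$1"
fi
```

Running it against the tree from `make_sample_tree` reports `include` as world-writable and `extensions` as still writable by the server; a clean tree produces no output and exit status 0.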

Re: Securing PunBB

Thanks for a quick reply. I tried most of it yesterday and it seems to work (at least the functionality I've tried so far). :)