Adobe® ColdFusion® 10 Server Lockdown Guide
Create a user for ColdFusion to run as. In this guide we use cfusion, but again feel free to choose a unique
name:
# adduser -g webservices -s /sbin/nologin -M -c ColdFusion cfusion
Specify a strong password for the new user:
# passwd cfusion
2.3.6 - Apache Configuration
Create a directory for the ColdFusion Administrator web site:
# mkdir /web/cfadmin
# mkdir /web/cfadmin/wwwroot
Set up permissions on the web partition:
# chgrp -R webservices /web
# chown -R cfusion /web
# chmod -R 750 /web
Note that permission 750 grants rwxr-x---, meaning the owner (cfusion) has full control, while the group
(webservices) has only read and execute permission (execute permission is needed to allow directory traversal
by the user).
Most applications will require some write permission under the web root. You can change the owner to root (by
running chown root /web/path) for files and directories that do not need write permission. In addition,
while directories will require execute permission, files in those directories will not require execute permission.
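The permission rules above can be checked after the fact with a small audit. This is an added example, not part of the Adobe guide: the function names and finding labels are hypothetical, it assumes the cfusion and webservices accounts exist (find rejects unknown names), and it accepts root as an owner in line with the note about content that needs no write permission.

```shell
#!/bin/sh
# Added example: audit a web tree against the 750 baseline set above.
# report, audit_web_perms and the finding labels are hypothetical names.

# report ROOT LABEL find-expression...
# Prints "LABEL<TAB>path" for every non-symlink under ROOT that matches.
report() {
    r=$1; label=$2; shift 2
    find "$r" ! -type l "$@" -exec printf "$label\t%s\n" {} \;
}

# audit_web_perms [ROOT] [OWNER] [GROUP]
# Returns 0 when the tree is clean, 1 after printing at least one finding.
audit_web_perms() {
    root=${1:-/web}; owner=${2:-cfusion}; group=${3:-webservices}
    findings=$(
        # 750 leaves nothing for "other": any o+r, o+w or o+x bit is a finding.
        report "$root" WORLD_ACCESS \( -perm -004 -o -perm -002 -o -perm -001 \)
        # The group (the web server) gets read and execute only.
        report "$root" GROUP_WRITE -perm -020
        # Directories need x for traversal; regular files do not.
        report "$root" FILE_EXEC -type f \( -perm -100 -o -perm -010 \)
        # Owner is the ColdFusion user, or root for read-only content.
        report "$root" BAD_OWNER ! -user "$owner" ! -user root
        report "$root" BAD_GROUP ! -group "$group"
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run only when arguments are given, e.g.: sh audit.sh /web cfusion webservices
if [ "$#" -gt 0 ]; then
    audit_web_perms "$@"
fi
```

Because chmod -R 750 also sets the execute bit on regular files, a freshly prepared tree reports FILE_EXEC for each file until those bits are cleared.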
To lock down /CFIDE, add the following to your /etc/httpd/httpd.conf file:

Order Deny,Allow