Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
You may consider using chmod -R 550 /web instead of 750 if write permission is not needed by ColdFusion<br />
on all files or directories.<br />
# chcon -R --reference=/var/www /web<br />
4.2.3: Specify permissions for ColdFusion Directories<br />
chown -R cfusion:root /opt/coldfusion<strong>10</strong>/<br />
chmod -R 750 /opt/coldfusion<strong>10</strong>/<br />
You should consider a more restrictive file permission structure which removes any unnecessary write<br />
permissions. The permissions specified above will allow ColdFusion to have full control over the files in its own<br />
directories as needed by the CF administrator or hotfix installer - a more restrictive approach while more<br />
secure may cause errors in ColdFusion administrator or elsewhere. If you do not make changes in the<br />
ColdFusion administrator and only run the hotfix installer by root you can setup more restrictive file security.<br />
Now to allow access Apache to serve files in the /CFIDE we need to ensure that apache has execute<br />
permissions on all parent folders so that it can traverse the directory structure:<br />
chown cfusion:webservices /opt/coldfusion<strong>10</strong>/<br />
chown cfusion:webservices /opt/coldfusion<strong>10</strong>/cfusion/<br />
chown cfusion:webservices /opt/coldfusion<strong>10</strong>/cfusion/wwwroot/<br />
chmod 7<strong>10</strong> /opt/coldfusion<strong>10</strong>/<br />
chmod 7<strong>10</strong> /opt/coldfusion<strong>10</strong>/cfusion/<br />
chmod 7<strong>10</strong> /opt/coldfusion<strong>10</strong>/cfusion/wwwroot/<br />
chown -R cfusion:webservices /opt/coldfusion<strong>10</strong>/cfusion/wwwroot/CFIDE/<br />
chmod 750 /opt/coldfusion<strong>10</strong>/cfusion/wwwroot/CFIDE/<br />
chcon -R --reference=/var/www /opt/coldfusion<strong>10</strong>/cfusion/wwwroot/CFIDE<br />
4.2.4: Install Apache Connector<br />
As root run the connector installer utility called wsconfig with the following options:<br />
/opt/coldfusion<strong>10</strong>/cfusion/runtime/bin/wsconfig -ws Apache \<br />
-dir /etc/httpd/conf/ \<br />
-cfide /opt/coldfusion<strong>10</strong>/cfusion/wwwroot/CFIDE/ \<br />
50