Date: Sat, 2 Aug 2003 20:56:05 -0700
From: "dt" <dt@arbuz.com>
To: <freebsd-questions@freebsd.org>
Subject: Need Access Control List(ACL) or any kind of substitute for it
Message-ID: <000301c35973$2a11b320$5f4f0844@DT>
Hello,

I recently was able to find a web-hosting company that runs FreeBSD. The service I signed up for allows me to have SSH access, including a series of other services, such as CGI-BIN and Tomcat. On the same machine where my domain is hosted, there are many other accounts; it's not virtual hosting, where I have root access to my machine. On the first day, I discovered that I had to make my files publicly available so that Apache could pick up my scripts and run them, which I definitely thought was not a good idea. The only security measure this company took was that you could not 'ls' up to other people's accounts, but I know that if you know the directory structure you can open anyone's script and look into the content, which could reveal a password and the logic of their code. On top of that, the locate database has all the directory structure, which is available to anybody.

So, I tried a couple of things, which weren't successful. I took away permission from others with chmod 740. Also, to grant access to Apache only, I tried to chown to the nobody group (Apache is running under this group), which I could not do because I was not part of the nobody group. I tried to put the nobody user under my group; I was not able to. The only solution I see is to ask their admin to put the nobody user in my group, or to have some sort of ACL so I can explicitly grant permission to the nobody user.

Please help. Is there any tool that allows me to overcome this obstacle? I will not reveal any information about this company, for obvious reasons, except that they're running "FreeBSD 4.7-RELEASE". Eventually, I am planning to tell them to fix their security problem, but I need to do some research before I do this, which I'm doing by asking for your expertise.

Thank you,
DT.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000301c35973$2a11b320$5f4f0844>
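The owner/group/other check behind the behaviour described in the message above, as an added example that is not part of the original post: it models which accounts can read a script under chmod 740, under world-readable permissions, and under the two group arrangements the poster tried. All uids, gids and the names Proc, FileMeta, can_read and readers are constructed for illustration, and the model covers only the file's own mode bits, not search permission on parent directories.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    name: str
    uid: int
    gids: frozenset  # primary plus supplementary group ids

@dataclass(frozen=True)
class FileMeta:
    uid: int   # owner
    gid: int   # group
    mode: int  # permission bits, e.g. 0o740

def can_read(p: Proc, f: FileMeta) -> bool:
    """Classic Unix check: exactly one class applies, tried owner, group, other."""
    if p.uid == 0:
        return True  # root bypasses the mode bits
    if p.uid == f.uid:
        return bool(f.mode & stat.S_IRUSR)
    if f.gid in p.gids:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def readers(f: FileMeta, procs) -> set:
    return {p.name for p in procs if can_read(p, f)}

# Constructed ids, not taken from the post.
DT_UID, DT_GID = 1001, 1001
NOBODY_UID, NOBODY_GID = 65534, 65534
dt = Proc("dt", DT_UID, frozenset({DT_GID}))
apache = Proc("apache(nobody)", NOBODY_UID, frozenset({NOBODY_GID}))
neighbour = Proc("neighbour", 1002, frozenset({1002}))
# The same web server after an admin adds nobody to DT's group.
apache_in_group = Proc("apache(nobody)", NOBODY_UID, frozenset({NOBODY_GID, DT_GID}))

SCENARIOS = {
    "chmod 740, group dt": (FileMeta(DT_UID, DT_GID, 0o740), [dt, apache, neighbour]),
    "world-readable 744": (FileMeta(DT_UID, DT_GID, 0o744), [dt, apache, neighbour]),
    "740 + nobody in dt's group": (FileMeta(DT_UID, DT_GID, 0o740), [dt, apache_in_group, neighbour]),
    "740 + file group nobody": (FileMeta(DT_UID, NOBODY_GID, 0o740), [dt, apache, neighbour]),
}

if __name__ == "__main__":
    for label, (f, procs) in SCENARIOS.items():
        print(f"{label:28} -> {sorted(readers(f, procs))}")
```

In this model, read access granted to the nobody account applies to every process that runs as nobody, not only to the web server.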