Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 2 Aug 2003 20:56:05 -0700
From:      "dt" <dt@arbuz.com>
To:        <freebsd-questions@freebsd.org>
Subject:   Need Access Control List(ACL) or any kind of substitute for it
Message-ID:  <000301c35973$2a11b320$5f4f0844@DT>

next in thread | raw e-mail | index | archive | help
Hello, 

I recently was able to find a web-hosting company that runs FreeBSD. The
service, I signed up for, allows me to have a SSH access including
series of other services, such as CGI-BIN, Tomcat. On the same machine
that my domain is hosted, there are many other accounts; it's not a
virtual hosting, where I have a root access to my machine. 

On the first day, I discovered that I had to make my files publicly
available so that Apache could pick up my scripts and run them, which I
definitely thought it was not good idea. The only security measures this
company took was that you could not 'ls' up to other people's account,
but I know that if you know the directory structure you can open
anyone's script and look into the content which could reveal a password
and the logic of their code. On top of that, locate-database has all the
directory structure, which is available to anybody. 

So, a couple of things I tried to do, which weren't successful. I took
away permission from others by chmod 740. And also, to grant apache
only, I tried to chown to nobody group (apache is running under this
group) which I could not do because I was not part of nobody group. I
tried to put nobody user under my group, I was not able to. The only
solution I see is ask their admin to put nobody user to my group. Or to
have some sort of ACL, so I can explicitly grant permission to nobody
user. 


Please help. Is there any tool that allows me to overcome this obstacle?
I will not reveal any information about this company, for obvious
reasons, except that they're running: "FreeBSD 4.7-RELEASE".
Eventually, I am planning to tell them to fix their security problem,
but I need to make a research before I do this, which I'm doing by
asking your expertise. 


Thank you,

DT.





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000301c35973$2a11b320$5f4f0844>